remediation plans to fix the vulnerability for the log4j version
during analysis we found that the log4j is used in the below paths and we are presenting high vulnerability by using this versions. could you please mention what are the remediation plans for the vulnerability to fix. /opt/oracle.ahf/common/jlib/log4j-api-2.13.3.jar /opt/oracle.ahf/common/jlib/log4j-core-2.13.3.jar /opt/perf/newconfig/java/log4j-1.2.8.jar /opt/perf/newconfig/java/log4j.dtd /orawork/oracle.ahf/common/jlib/log4j-api-2.13.3.jar /orawork/oracle.ahf/common/jlib/log4j-core-2.13.3.jar
I see you are using a very old version of Mendix.
You would need to move up to one of the long term support versions of Mendix as these have security fixes applied to them.
The closest long term support version to yours is 7.23.
More details on long term support can be found here.
Mendix published an incident report (updating regularly) for this, maybe it can be helpful;