Hi,
log4j may be used by various applications, so it's recommended to check if any other applications on your system are also using log4j and update them accordingly.
Below are the additional points you can consider to rectify the issue:
1. Identify the log4j version: Determine the specific version of log4j that is present in those directories. This is important because log4j versions prior to 2.15.0 are vulnerable to the recent log4j vulnerability (CVE-2021-44228).
2. Update or patch log4j: If the log4j version you found is vulnerable, you need to update or patch it to a secure version. As of now, the latest secure version is 2.17.0
3. Replace the vulnerable log4j files: Once you have the updated log4j version, replace the vulnerable log4j files in the directories C:\Program Files\MATLAB or C:\Program Files (x86) with the new version. Make sure to take a backup of the existing files before replacing them.
4. Restart affected applications: After replacing the log4j files, restart any applications that rely on log4j for logging. This ensures that the updated version is being used.
5. Re-scan with Nessus: Once you have completed the above steps, run another scan with Nessus to confirm that the log4j vulnerabilities are no longer detected.
I hope this helps!
