As of December 28, new build product binaries which cover the first four CVE's were made available for versions 21.1.1, 21.2.1, and 21.2.2, which includes Log4j v2.17. Review of code shows that SteelConnect EX is NOT VULNERABLE to CVE-2021-44832.
To ensure the proper code is installed, please download the appropriate .bin file and apply to your existing systems. If you install using the other methods (.iso, .ova, .tbz2), you must download and install the new .bin file in order to get the new version of Log4j.
Links to the .bin files are listed below:
Previously a patch for CVE-2021-44228 only was made available on the Support site on Dec 15 2021 at the following links:
If you have applied this patch already, Riverbed recommends you proceed to update the entire installation with the newly available build.