It seems that the Watchguard AD Helper uses Log4J in the vulnerable Version 2.14.0. Any information on this? I found nothing in the web.
i investigated this a little further:
After an Update to Version 220.127.116.1164 Version 2.15.0 is used, but after recent reports these version is with certain circumstances vulnerable too:
For sure... AD Helper is normally not published to the outside world... but maybe in the future the use of these vulnerablities will increase, when the "easy access" vulnerabilities will be closed....
AD helper is being patched, but there are mitigating circumstances in place.
You can find more information here:https://www.watchguard.com/wgrd-blog/apache-log4j-vulnerability
and more details here, specific to your concern near the bottom of the article.https://www.secplicity.org/2021/12/10/critical-rce-vulnerability-in-log4js/
WatchGuard Customer Support