
Which Java versions are not affected by Log4j vulnerability?

It seems almost all Java versions are affected by this vulnerability. Simply running the latest version of Java or the JDK will not save you from the Log4j vulnerability unless you are not using Log4j at all. Although it was widely circulated that some JDK versions are not affected, researchers have since found that it is still possible to exploit the vulnerability on almost all Java versions by sending different kinds of payloads.

A researcher has demonstrated that some attack paths work in “ANY Java version” as long as the classes used in the serialized payload are on the application classpath.

Only solution/mitigation: update your Log4j version and put firewall rules in place!

Source: https://twitter.com/marcioalm/status/1470361495405875200/photo/1
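
Since the Java version does not settle exposure, the practical check is whether log4j-core is anywhere on the classpath. The following is an added example, not part of the original post: it inventories log4j-core inside an archive, including JARs nested in fat JARs, and reports the bundled version and whether the JndiLookup class is present. The sample archive, its file names and its version string are constructed.

```python
import io
import re
import zipfile

# Path of the JNDI lookup class inside a log4j-core JAR.
JNDI_CLASS = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
# Maven metadata shipped in log4j-core; its "version=" line is the library version.
POM_PROPS = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
ARCHIVE_EXT = (".jar", ".war", ".ear")


def scan_archive(data, label, findings=None):
    """Recursively inspect a JAR/WAR/EAR given as bytes; return a list of findings."""
    findings = [] if findings is None else findings
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return findings  # not a readable archive, skip it
    with zf:
        names = zf.namelist()
        if POM_PROPS in names or JNDI_CLASS in names:
            version = "unknown"
            if POM_PROPS in names:
                text = zf.read(POM_PROPS).decode("utf-8", "replace")
                m = re.search(r"^version=(.+)$", text, re.M)
                version = m.group(1).strip() if m else version
            findings.append({"path": label, "version": version,
                             "jndi_lookup": JNDI_CLASS in names})
        for name in names:  # descend into bundled archives (fat JARs, WARs)
            if name.lower().endswith(ARCHIVE_EXT):
                scan_archive(zf.read(name), f"{label}!/{name}", findings)
    return findings


def make_constructed_sample():
    """Constructed input: an application JAR bundling a fake log4j-core JAR."""
    inner = io.BytesIO()
    with zipfile.ZipFile(inner, "w") as z:
        z.writestr(POM_PROPS, "groupId=org.apache.logging.log4j\nversion=0.0.0-sample\n")
        z.writestr(JNDI_CLASS, b"")
    outer = io.BytesIO()
    with zipfile.ZipFile(outer, "w") as z:
        z.writestr("BOOT-INF/lib/log4j-core.jar", inner.getvalue())
        z.writestr("com/example/App.class", b"")
    return outer.getvalue()


if __name__ == "__main__":
    for finding in scan_archive(make_constructed_sample(), "app.jar"):
        print(finding)
```

To scan real deployments, read each archive found on disk as bytes and pass it to `scan_archive` with its path as the label.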