If the version of Log4j used by BI4.2+ is too old to have the issue, CVE-2021-44228 - BusinessObjects impact for Log4j vulnerability, I would assume that the version of Log4j used by XI3.1 would also be too old.
2 Likes