I have a project with a vulnerable log4j 2 jar. The dependency check Jenkins plugin report does not contain the finding CVE-2021-44228.

I ran the standalone dependency check on the command line and it finds the vulnerability.

I've ensured Jenkins is using the latest dependency check version and NVD files.

Other vulnerable jar files are being found and detected but not this one.