Patch for CVE-2021-44228 and log4j-core-2.3.1

Article ID: 231620


Products

CA Identity Manager

Issue/Introduction

After applying the official patch released for the log4j vulnerabilities, which upgraded log4j to version 2.3.1, we are still getting an alert that log4j-core-2.3.1.jar is vulnerable.

https://knowledge.broadcom.com/external/article?articleId=230278

The vulnerability scan was run with https://github.com/Qualys/log4jscanwin

Environment

Release: 14.x

Component: Identity Manager

Cause

An out-of-date release of the scanning utility was used.

Resolution

Use release 1.2.19 as a minimum, or 2.0.2 (but not 1.2.18), of the scanning utility. These newer releases treat log4j-core-2.3.1.jar as safe.

With the latest version, 2.0.2, the scan also recognizes log4j 2.3.1 as mitigating CVE-2021-45046 and CVE-2021-45105.
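To confirm independently of the scanner that a log4j-core jar is on a fixed release, the following added example (not part of the original article and not code from the Qualys utility) reads the version from the jar's Maven pom.properties and compares it with the first fixed release of its own branch. The fixed-version table comes from the Apache Log4j security advisories rather than from this article, and the function names and the sample jar are assumptions made for illustration.

```python
import io
import re
import zipfile

# First fixed release per branch, from the Apache Log4j security advisories
# (assumption: not stated in this article). Order: 2.3.x, 2.12.x, main line.
FIXED_IN = {
    "CVE-2021-44228": ((2, 3, 1), (2, 12, 2), (2, 15, 0)),
    "CVE-2021-45046": ((2, 3, 1), (2, 12, 2), (2, 16, 0)),
    "CVE-2021-45105": ((2, 3, 1), (2, 12, 3), (2, 17, 0)),
}
# Standard Maven metadata path; assumes the jar was not repackaged without it.
POM = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"


def jar_version(jar):
    """Read the log4j-core version from pom.properties inside the jar."""
    with zipfile.ZipFile(jar) as zf:
        text = zf.read(POM).decode("utf-8", "replace")
    m = re.search(r"^version=(\d+)\.(\d+)(?:\.(\d+))?", text, re.M)
    if not m:
        raise ValueError("no version in pom.properties")
    return tuple(int(g or 0) for g in m.groups())


def is_fixed(version, cve):
    """Branch-aware check: compare against the fix for the version's own branch."""
    java6, java7, main = FIXED_IN[cve]
    if version[:2] == (2, 3):
        return version >= java6
    if version[:2] == (2, 12):
        return version >= java7
    return version >= main


def naive_is_fixed(version, cve):
    """Single-threshold check, for contrast: it ignores the backport branches."""
    return version >= FIXED_IN[cve][2]


def sample_jar(version):
    """Constructed in-memory jar holding only pom.properties (sample input)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(POM, f"version={version}\ngroupId=org.apache.logging.log4j\n")
    buf.seek(0)
    return buf
```

In place of `sample_jar(...)`, pass the path to the deployed log4j-core-2.3.1.jar to `jar_version`. The contrast between `is_fixed` and `naive_is_fixed` for 2.3.1 shows how a check that is not branch-aware flags a patched backport.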

Additional Information

https://github.com/Qualys/log4jscanwin