After applying the official patch released for log4j vulnerabilities which upgraded log4j version to 2.3.1, we are still getting an alert for log4j-core-2.3.1.jar being vulnerable.
https://knowledge.broadcom.com/external/article?articleId=230278
Utilizing https://github.com/Qualys/log4jscanwin for vulnerability scan
Release : 14.x
Component : Identity Manager
Out of date scanning utility used
Please ensure you utilize release 1.2.19 as a minimum or 2.0.2 (but not 1.2.18) - these new releases take into account log4j-core-2.3.1.jar as safe.
Utilizing the latest version 2.0.2 will also see log4j 2.3.1 mitigating CVE-2021-45046 & CVE-2021-45105
https://github.com/Qualys/log4jscanwin