While testing for vulnerable versions of the Apache log4j libraries, some are found in the REPLACED folder, even after patching for the vulnerability.
Release : 17.3
Component :
Files in the REPLACED folder structure are merely backups of those replaced during the patch install.
They're not in the executable library path, so shouldn't cause a problem. However, if you wish to zip up / backup / delete them to stop the scanner setting an alarm of, you're welcome to do so.