I have got CP06 patch installed in our environment to remediate log4J vulnerability. However, I am wondering for new servers. Do we have new ITPAM agent executable files available in CA portal which doesn't have log4J vulnerability in them?

Release : 4.3.5

Component : ITPAM Agent

The CP06 Agent installer is not available for download via the support portal. After CP06 is installed on the domain orchestrator, the agent installation executable can be found in the same location described in the product documentation for performing Silent Installs: Silent Agent Installation (install_dir/server/c2o/.c2orepository/media). 

The agent installer can be run using the Agent Installer executable file or using the JNLP as described here: Interactive Agent Installation

The CP05 and CP06 installers behave the same. All of the agent's files do not get laid down - only a portion. When the agent service is started it will connect to the the domain orchestrator to get the remaining files. An agent installed after CP06 is installed with only the Log4j 2.17.1 version (as long as you use the "installation.jnlp" or the AgentInstall executable from the media folder on the domain orchestrator).