Advanced Authentication's uninstaller.jar related vulnerabilities pointing to Log4j 1.x usage are called out when vulnerabilities scans are run.
Release : 9.x
Component :Strong Authentication
uninstaller.jar contains references to Log4J 1.x version files that are deemed as vulnerable
uninstaller.jar is related to installanywhere and this file is not related to product functionality or transaction processing, hence is not vulnerable as it cannot be exploited.
To address the concerns (that are not consequential) raised by vulnerability scan, please follow the following steps.
1. As shown in the screen shot below. Please zip the five uninstall folders that are found in the <ARCOT_HOME> folder.
2. Backup the zip file(s) created in #1 above to a location away from the <ARCOT_HOME> folder.
3. Delete the five folders shown in screen shot in #1 above.
4. In future if an uninstall operation is needed then restore the uninstall folders as needed and then uninstall. Remember to remove the uninstall folders for a clean run of your vulnerability scans.