As per below CVE it says fix was provided for Log4j vulnerability for APM
The location of the vulnerability found is added in the image in attachments.
Release : 10.0
You are using an unsupported log4j release (see below) .
If you check the Log4J EOL Apache Log4j, it states that 1.x has not been supported since 2015.
Many 1.2.x issues are false positives
HOTFIX # 84 DE496642 - Security vulnerabilities in Apache log4j 1.2rc1, 1.2.14 and 1.2.17
Apache Log4j Unsupported Version Detection (deprecated) covers log4j 1.4 not 1.2. (although same resolution)