If upgrading Automation Point to a release, service pack, or patch to resolve the Log4j vulnerability issue and it's possible to still getting flagged on a scan detecting the old version of Log4j specifically the following two files:

C:\Program Files (x86)\CA\CA Automation Point\Backup\patch\Classes

caapnfy.war & ca-nim-sm.war

Is it allowed to delete this older version?

Release : 11.7

If upgrading to a valid service pack, patch or release of AP to resolve the vulnerability issue, there is taken a backup of the old environment.. 
This is done to go back to the previous installed version, when needed.
Checking the library that holds these war files, you will see it's a BACKUP directory:

C:\Program Files (x86)\CA\CA Automation Point\Backup\patch\Classes

If the new version is working well, it's possible to delete this directory, or only these 2 files... No problem to remove them...