Risk is identifying the following component as a log4j vulnerability and wanted to know if it is okay to remove the following and if it would affect APM agent metrics.
We have our agents on a typical configuration. the vulnerability is showing under /opt/apmia/extensions/AWSExtension/lib/external/log4j-1.2.17.jar
I know it is not a vulnerability from reading the following:
CVE-2017-5645, CVE-2019-17571, CVE-2021-4104, CVE-2020-9488, CVE-2022-23302, CVE-2022-23305, CVE-2022-23307 LOG4J 1.x VULNERABILITY AND BROADCOM CA APM
but wondering if that piece can be removed so it does not keep popping up on risk/vulnerability scans.
Release : 10.7.0
Removing $apmia/extensions/AWSExtension/lib/external/log4j-1.2.17.jar would likely cause the APMIA AWS agent extension to fail and stop working.