Risk is identifying the following component as a log4j vulnerability and wanted to know if it is okay to remove the following and if it would affect APM agent metrics.

We have our agents on a typical configuration. the vulnerability is showing under /opt/apmia/extensions/AWSExtension/lib/external/log4j-1.2.17.jar 

I know it is not a vulnerability from reading the following:

CVE-2017-5645, CVE-2019-17571, CVE-2021-4104, CVE-2020-9488, CVE-2022-23302, CVE-2022-23305, CVE-2022-23307 LOG4J 1.x VULNERABILITY AND BROADCOM CA APM

but wondering if that piece can be removed so it does not keep popping up on risk/vulnerability scans.

• Release: 10.7.0

Removing $apmia/extensions/AWSExtension/lib/external/log4j-1.2.17.jar would likely cause the APMIA AWS agent extension to fail and stop working so it should not be removed unless the AWSExtension is not used.