Can we replace the older version log4j-core-2.12.0.jar to log4j-core-2.17.0.jar which is under modules/system/layers/base/com/ca/iam/log4j2/core/main/log4j-core-2.12.0.jar

Will it impact Identity Governance anyway if we only replace the log4j jar file?

Identity Governance 14.4 Standalone

FYI

It is safe to remove the log4j-core-2.12.0.jar and keep log4j-core-2.17.0.jar

You also want to remove log4j-api-2.12.0 and keep log4j-api-2.17.1 which is under  modules\system\layers\base\com\ca\iam\log4j2\api\main

then restart Identity Governance