For OPMS on RHEL 7.9 OS, there is a vulnerability identified by Red Hat for webkit2gtk3 component.

CVE vulnerability

Does OPMS use this component ? Looking to remove this package. 

As confirmed, OPMS 2021.1.11 uses the old WebKit-based FPM, that has dependency on system packages. It is not possible to remove the vulnerable package without removing FPM. It is not possible to upgrade the package unless the vendor provides a new patched version. Which is unlikely since RHEL 7 is unsupported since June 2024. But maybe the vendor will offer an extended support contract.

Please check OPMS 2022.02 if it also has these packages. If yes, the above applies. If not, check if the machine contains file asm-smartpop-fpm-agent.yml.  If the file is present, they're using a docker image with Chromium 99 which is also affected. But in that case it might be possible to provide a patched image.

Best option is to upgrade to a new OS//OPMS release