CA Identity Portal Log4j Vulnerability
Article ID: 410355

Products

CA Identity Manager

Issue/Introduction

During a server vulnerability scan, a Log4j vulnerability might be reported at the path below.

Path: /apps/xyz/modules/com/ca/iam/log4j2/core/main/log4j-core-2.12.0.jar

Installed version: 2.12.0

How can it be replaced with the stable/latest version?

Environment

CA Identity Manager, CA Identity Portal, CA Identity Governance 14.5, 14.5.1

Cause

Identity Portal 14.5 and 14.5.1 contain remnants of an older Log4j version, log4j-core-2.12.0.jar.

Resolution

Identity Portal 14.5 upgraded Log4j to version 2.20.0. After upgrading Identity Portal to 14.5, if you see any remnants of an older version of Log4j, you can safely remove them.

Replace log4j-core-2.12.0.jar with log4j-core-2.20.0.jar and restart the server; everything should then work normally.
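
A post-upgrade check for the remnants described above, added here as an example (not the vendor's own tooling): it lists every log4j-core jar under an install root whose file-name version is below 2.20.0. The function names and the temporary demo tree are assumptions, and the check trusts the version embedded in the jar file name.

```shell
#!/bin/sh
# Added example: report leftover log4j-core jars older than a minimum version.
# Assumption: the jar file name carries the version (log4j-core-<version>.jar).

# version_lt A B: succeed when dotted version A sorts strictly below B.
version_lt() {
  [ "$1" = "$2" ] && return 1
  _vl_first=$(printf '%s\n%s\n' "$1" "$2" |
    LC_ALL=C sort -t. -k1,1n -k2,2n -k3,3n | head -n 1)
  [ "$_vl_first" = "$1" ]
}

# find_old_log4j ROOT [MIN]: print "<version> <path>" for each jar below MIN.
find_old_log4j() {
  _fo_root=$1
  _fo_min=${2:-2.20.0}   # fixed version named in the article
  find "$_fo_root" -type f -name 'log4j-core-*.jar' 2>/dev/null |
    LC_ALL=C sort |
    while IFS= read -r _fo_jar; do
      _fo_ver=$(basename "$_fo_jar" .jar)
      _fo_ver=${_fo_ver#log4j-core-}
      if version_lt "$_fo_ver" "$_fo_min"; then
        printf '%s %s\n' "$_fo_ver" "$_fo_jar"
      fi
    done
}

# Constructed demo tree that mirrors the module layout from the scan finding.
demo_root=$(mktemp -d)
mkdir -p "$demo_root/modules/com/ca/iam/log4j2/core/main" "$demo_root/lib"
: > "$demo_root/modules/com/ca/iam/log4j2/core/main/log4j-core-2.12.0.jar"
: > "$demo_root/lib/log4j-core-2.20.0.jar"

echo "log4j-core jars older than 2.20.0:"
find_old_log4j "$demo_root"
rm -rf "$demo_root"
```

On a real server, call `find_old_log4j` with the Identity Portal install root after the upgrade and again after the restart; no output means no older log4j-core jar remains by file name.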