@Emilian
Path : \WebConsole\WEB-INF\lib\log4j-over-slf4j-1.7.32.jar
The log4j-over-slf4j library is used to remove dependencies on the actual log4j library from applications. It is not log4j, and it is not vulnerable to the security issues that affect log4j.
Any automated security scanner that performs lookups against a database of known CVEs could determine this immediately. The customer can see for themselves by comparing the “Vulnerabilities” columns of the libraries on mvnrepository:
Log4j 1.x: https://mvnrepository.com/artifact/log4j/log4j
log4j-over-slf4j: https://mvnrepository.com/artifact/org.slf4j/log4j-over-slf4j (no vulnerabilities present)
Note: We do not use any vulnerable Log4J files anymore in Commvault and We are only using Log4J 2.17.1 and above.
With Commvault Platform Release 11.30 the old ones is removed so we should be good to clean these manually if needed.