We are using vcops-suiteapi-client-1.21-all.jar which contains slf4j-1.7.25 which is vulnerable. Is there any way to remove this vulnerable jar? Is there any alternate jar which would do all the operations that can be done by vcops-suiteapi-client-1.21-all.jar?
If you mean CVE-2018-8088 vulnerability - the investigation shows that it's actually is false positive
the correspond owner replied me that: