The scanner is probably triggering off of the CLR version, which doesn't change in value even though the version of .NET Framework installed on the computer may be a supported version such as v4.7.2 or v4.8. Using the CLR version isn't good enough to detect a real vulnerability.
While v4.7.2 is still supported, it really depends on your app. If the app you're scanning isn't an ASP.NET server app, which is most likely what the vulnerability is talking about, you wouldn't even need to worry about that issue. If it was an ASP.NET server app, you would want to make sure it's using a supported .NET Framework version (which it seems to be) and make sure that the version of .NET Framework installed on Windows is the latest version, which is .NET Framework 4.8.1