
Should I worry about Exploit:Java/Obfuscator.F detected by antivirus in TemenosSecurity.jar


Windows 10 Defender Antivirus and also Microsoft Safety Scanner detected and quarantined a threat of category "Exploit" named "Exploit:Java/Obfuscator.F" in the TemenosSecurity.jar file and several other jars of the Temenos T24 TAFJ software, which runs as a standalone Java app and also as J2EE in a JBoss EAP Java application server container.

The software is provided by an official distributor, so it should be virus free and can be trusted. The internet, however, says many bad things about "Exploit:Java/Obfuscator.F", like:

This threat has been "obfuscated", which means it has tried to hide its purpose so your security software doesn't detect it. The malware that lies underneath this obfuscation can have almost any purpose.

What causes Windows Defender Antivirus to detect this threat? Can attackers exploit this vulnerability? And what should the software provider have done differently to avoid this jar being detected by antivirus?


Solution

  • I'd take the information seriously and get in contact with the distributor. Just because the software comes from an "official" source, doesn't mean it is free from malware by default.

    There are a couple of instances in the past (even in the Good Old Days[TM] when stuff was shipped on floppy discs) where hardware and software vendors were shipping their stuff with some unwanted malware as a bonus. A recent example is the Pear.php.net service that was compromised for half a year, delivering PHP modules including malware.

    To answer your other questions:

    What causes Windows Defender Antivirus to detect this threat?

    It used one of its detection mechanisms to find it. There are different ones, so it's hard to say from Here[TM]. A way to rule out a false alarm is to go to VirusTotal and upload one of the offending files. The file will be tested against 60 or more virus scanners, and if more than just a few spit out warnings, you can assume that the file actually contains the malware.

    Can attackers exploit this vulnerability?

    If it's not a false alarm (and if multiple jars are reported being affected it doesn't sound like one), yes I suppose.

    And what should the software provider have done differently to avoid this jar being detected by antivirus?

    Not bundling their software with malware would be a start ;-)
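As an added example (not part of the question or the answer above, and not Temenos or Microsoft code), the following script does the preparatory work a defender would do before following the answer's advice: it inventories every jar under a directory, computes its SHA-256 so the file can be looked up on VirusTotal by hash first (a hash lookup discloses nothing, whereas uploading a proprietary vendor jar publishes it to VirusTotal's community), and records whether the jar carries a code-signing block in META-INF, which is what `jarsigner -verify` would then validate against the vendor's certificate. The sample jars it builds in `demo()` are constructed on the fly, and the file names and directory layout are assumptions.

```python
import hashlib
import tempfile
import zipfile
from pathlib import Path

# Signature block files a signed jar carries next to its .SF file in META-INF.
SIGNATURE_SUFFIXES = (".RSA", ".DSA", ".EC")


def sha256_of(path):
    """Stream the file through SHA-256; this is the hash VirusTotal is keyed by."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()


def signature_files(jar_path):
    """Return the signature block entries (META-INF/*.RSA etc.) found in the jar."""
    with zipfile.ZipFile(jar_path) as zf:
        return [
            name for name in zf.namelist()
            if name.startswith("META-INF/") and name.upper().endswith(SIGNATURE_SUFFIXES)
        ]


def inventory(directory):
    """One record per jar: name, SHA-256, whether it is signed, and the VT lookup URL.

    The URL is a hash lookup page; nothing is uploaded. Confirm a signed jar with
    `jarsigner -verify -verbose <jar>` against the certificate the vendor published.
    """
    rows = []
    for jar in sorted(Path(directory).rglob("*.jar")):
        digest = sha256_of(jar)
        rows.append({
            "name": jar.name,
            "sha256": digest,
            "signed": bool(signature_files(jar)),
            "vt_url": f"https://www.virustotal.com/gui/file/{digest}",
        })
    return rows


def make_sample_jar(path, signed):
    """Build a constructed sample jar (assumption: not any real vendor artifact)."""
    with zipfile.ZipFile(path, "w") as zf:
        zf.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\n")
        # A stub class entry: the 0xCAFEBABE magic followed by padding.
        zf.writestr("com/example/Stub.class", b"\xca\xfe\xba\xbe" + b"\x00" * 12)
        if signed:
            zf.writestr("META-INF/VENDOR.SF", "Signature-Version: 1.0\n")
            zf.writestr("META-INF/VENDOR.RSA", b"\x30\x82")  # placeholder DER prefix


def demo():
    """Create one signed and one unsigned constructed jar and inventory them."""
    with tempfile.TemporaryDirectory() as tmp:
        make_sample_jar(Path(tmp) / "sample-signed.jar", signed=True)
        make_sample_jar(Path(tmp) / "sample-unsigned.jar", signed=False)
        return inventory(tmp)


if __name__ == "__main__":
    for row in demo():
        print(f"{row['name']:20} signed={row['signed']!s:5} {row['sha256']}")
        print(f"{'':20} {row['vt_url']}")
```

Run it against the real installation directory by calling `inventory("/path/to/tafj")` instead of `demo()`; a vendor jar that is unsigned, or whose signature does not verify with `jarsigner`, is the one to raise with the distributor first, and the SHA-256 column lets you check VirusTotal and the vendor's published checksums without shipping the file anywhere.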