Per engineering, below two problems are applicable to agent. since have not found any referred jars/component/binaries (PDF report) in agent classpath or folder.
Among these only Guava 19.0 has vulnerability with CVE number CVE-2018-10237. Have done the analysis on the vulnerability and found that Guava allocates unbounded memory based on user input data. This is a false positive for agent because the agent doesn't take any values from the user/end-user other than properties file. which is managed by the administrator.
Another one is commons-compress has sonatype-2018-0293 doesn't have any publicly available details to analyze the vulnerability.