The above CVE's are showing up in scans as vulnerable on Spectrum 10.4.0 and 10.4.1
Release : 10.4
Component : Spectrum Core / SpectroSERVER
CVE-2020-9484- Spectrum does not use Persistent Manager and therefore we are not vulnerable.
CVE-2019-10072, CVE-2019-0199 - We are vulnerable and fixed in 10.4.2
CVE-2020-9484 - Not vulnerable
CVE-2020-11996 - Vulnerable but fixed in 10.5.0 where we will upgrade to Tomcat 9.0.37+
So our suggestion would be to upgrade to 10.4.2 at the moment to address the first 2. The 3rd is a non-issue and the 4th will be resolved in the future.
10.5.0 has a tentative release date of end of year 2020.