Based on the URL below, the "Guava" library has a vulnerability in multiple versions.
https://www.cvedetails.com/cve/CVE-2018-10237/
Based on the URL below, version 14.0.1 & version 19 is on the list.
https://techdocs.broadcom.com/us/en/ca-enterprise-software/layer7-api-management/api-developer-portal/4-5/third-party-software-acknowledgments.html
Is the API Developer Portal affected?
Release : 4.5
Component : API PORTAL
The Guava vulnerability won't affect gateway, or portal.
In portal, all usages are very basic string operations, vulnerable code is not used.