The version of Tomcat shipped with 12.8 SP6 and lower versions of Access gateway are prior to Tomcat 9.0.58.

Is it impacted by the following CVE-2022-23181 and  CVE-2020-9484 ??

12.8 SP6 and Access Gateway and lower Releases 

Both CVE's i.e CVE-2022-23181, CVE-2020-9484 are talking about Persist Sessions using FIleStore.

The Access Gateway that is being shipped is not going to to use FileStore configuration to persist sessions. Hence these reported CVE's are not impacted for Access Gateway