Blackduck scans have defected vulnerability in Spring 4.3.30.
Spring-Framework Vulnerable to Denial-of-Service (DoS) via Crafted SpEL Expression
Fixed in version 5.3.17 by this commit.
The latest stable releases can be found here.
This vulnerability issue is related to defect DE532144
All the security vulnerabilities are fixed in the latest Spring Framework 5.3.18: https://mvnrepository.com/
We will upgrade it to the latest 5.3.18 in APM 10.8.1 to completely resolve the vulnerabilities.
Release : 10.7.0
Component : Introscope
No solution or workaround available at the present time