The following vulnerabilities have been addressed in DevTest 10.7.0 and later, but they still appear on the third-party scan report:
Apache ActiveMQ 5.16.1: CVE-2020-1941, CVE-2020-13920, CVE-2021-26117 and CVE-2020-13947
Apache WSS4J 1.5.4: CVE-2014-3623, CVE-2015-0227, CVE-2015-0226 and CVE-2011-2487
Axis (Java) 1.4: CVE-2012-5784, CVE-2014-3596, CVE-2018-8032 and CVE-2019-0227
Environment
10.7.0 and 10.7.2 for the on-premise installer and images.
Cause
Third-party vulnerabilities.
Resolution
The above vulnerabilities were addressed in 10.7 GA but still appear in the third-party scan because the component version numbers have not changed. If the third-party tool cannot detect fixes that were ported by repackaging the jar, the findings should be mitigated directly with the third-party scan tool.