One of our servers is reporting the vulnerabilities below. Could you please suggest the remediation that needs to be applied?
CVE-2022-22970 and CVE-2022-22971
Spring Framework Denial of Service (DoS) Data Binding Vulnerability:
/opt/nimsoft/probes/slm/baseline_engine/lib/spring-core-5.3.18.jar
/opt/nimsoft/probes/slm/prediction_engine/lib/spring-core-5.3.18.jar
Release: 20.4
The resolution is included in UIM 20.4CU8 or later. Please upgrade the UIM to the latest CU version.
Based on the descriptions of these vulnerabilities, there is no impact to baseline_engine or prediction_engine, because their intended use does not involve the functionality in which the vulnerability can occur.
CVE-2022-22970
In Spring Framework versions prior to 5.3.20 and 5.2.22, and in old unsupported versions, applications that handle file uploads are vulnerable to a DoS attack if they rely on data binding to set a MultipartFile or javax.servlet.Part to a field in a model object.
CVE-2022-22971
In Spring Framework versions prior to 5.3.20 and 5.2.22, and in old unsupported versions, applications with a STOMP over WebSocket endpoint are vulnerable to a denial-of-service attack by an authenticated user.
Note: the baseline_engine and prediction_engine modules are not vulnerable based on the above descriptions, because they do not use the affected functionality (multipart data binding or STOMP over WebSocket).
Also, both of these vulnerabilities are rated in the medium severity category.
The latest CU8 uses Spring 5.3.27, in which these vulnerabilities are remediated.
As of 26 Aug 2024, UIM 23.4CU2 uses version 5.3.37.
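As an added triage check that is not part of this article or of the UIM product, the following Python script walks an installation tree (the root /opt/nimsoft is assumed), parses the version out of each spring-core jar filename, and flags it against the fixed versions quoted in the advisory text above. The sample paths are the two from the report plus one constructed path for a fixed build.

```python
import os
import re
from typing import Iterable, List, Optional, Tuple

# First fixed version of each supported Spring Framework branch for
# CVE-2022-22970 / CVE-2022-22971, as stated in the advisory text.
FIXED_VERSIONS = {
    (5, 3): (5, 3, 20),
    (5, 2): (5, 2, 22),
}

# Matches spring-core-5.3.18.jar and spring-core-5.2.22.RELEASE.jar style names.
JAR_RE = re.compile(r"^spring-core-(\d+)\.(\d+)\.(\d+)(?:[.-]\w+)?\.jar$")

# Constructed sample: the two paths from the report plus one fixed build.
SAMPLE_PATHS = [
    "/opt/nimsoft/probes/slm/baseline_engine/lib/spring-core-5.3.18.jar",
    "/opt/nimsoft/probes/slm/prediction_engine/lib/spring-core-5.3.18.jar",
    "/opt/nimsoft/probes/slm/example_probe/lib/spring-core-5.3.27.jar",  # constructed
]


def parse_version(path: str) -> Optional[Tuple[int, int, int]]:
    """Return (major, minor, patch) from a spring-core jar filename, or None."""
    m = JAR_RE.search(os.path.basename(path))
    if not m:
        return None
    major, minor, patch = (int(x) for x in m.groups())
    return (major, minor, patch)


def is_vulnerable(version: Tuple[int, int, int]) -> bool:
    """True if the version is below the fixed release for its branch."""
    fixed = FIXED_VERSIONS.get(version[:2])
    if fixed is None:
        # Older branches (5.1.x, 4.x, ...) are unsupported and never received a fix.
        return True
    return version < fixed


def triage(paths: Iterable[str]) -> List[Tuple[str, str, bool]]:
    """Pair each spring-core jar path with its version string and vulnerable flag."""
    findings = []
    for p in paths:
        v = parse_version(p)
        if v is not None:
            findings.append((p, "%d.%d.%d" % v, is_vulnerable(v)))
    return findings


def find_spring_core_jars(root: str) -> Iterable[str]:
    """Yield every spring-core jar found under root (assumed install tree)."""
    for dirpath, _, files in os.walk(root):
        for f in files:
            if JAR_RE.search(f):
                yield os.path.join(dirpath, f)


if __name__ == "__main__":
    for path, ver, vuln in triage(find_spring_core_jars("/opt/nimsoft")):
        print("VULNERABLE" if vuln else "fixed", ver, path)
```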