I am looking for remediation for Apache Tomcat vulnerabilities on the Jasper Reporting server listed below:
CVE-2023-28708 - https://nvd.nist.gov/vuln/detail/CVE-2023-28708
(Tomcat 8.5.0 to 8.5.85) (Medium) (When using the RemoteIpFilter with requests received from a reverse proxy)
CVE-2023-24998 - https://nvd.nist.gov/vuln/detail/CVE-2023-24998
(Apache Commons FileUpload before 1.5) (High)
CVE-2022-42252 - https://nvd.nist.gov/vuln/detail/CVE-2022-42252
(Tomcat 8.5.0 to 8.5.82) (High) (making a request smuggling attack possible if Tomcat was located behind a reverse proxy)
CVE-2022-34305 - https://nvd.nist.gov/vuln/detail/CVE-2022-34305
(Tomcat 8.5.50 to 8.5.81) (Medium) (Form authentication example in the examples web application displayed user provided data)
CVE-2022-25762 - https://nvd.nist.gov/vuln/detail/cve-2022-25762
(Tomcat 8.5.0 to 8.5.75) (High) (CABI does not use WebSockets)
CVE-2022-29885 - https://nvd.nist.gov/vuln/detail/CVE-2022-29885
(Tomcat 8.5.38 to 8.5.78) (High) (EncryptInterceptor ??)
CVE-2022-23181 - https://nvd.nist.gov/vuln/detail/CVE-2022-23181
(Tomcat 8.5.55 to 8.5.73) (High) (This issue is only exploitable when Tomcat is configured to persist sessions using the FileStore)
CVE-2021-43980 - https://nvd.nist.gov/vuln/detail/CVE-2021-43980
(Tomcat 8.5.0 to 8.5.77) (Low) (that could cause client connections to share an Http11Processor)
CVE-2021-42340 - https://nvd.nist.gov/vuln/detail/CVE-2021-42340
(Tomcat 8.5.60 to 8.5.71) (High) (CABI does not use WebSockets)
CVE-2021-33037 - https://nvd.nist.gov/vuln/detail/CVE-2021-33037
(Tomcat 8.5.0 to 8.5.66) (Medium) (Only affected if using reverse proxy? Spectrum does not ship/use a reverse proxy unless a user manually configures one)
CVE-2021-30640 - https://nvd.nist.gov/vuln/detail/CVE-2021-30640
(Tomcat 8.5.0 to 8.5.65) (Medium) (vulnerability in the JNDI Realm of Apache Tomcat allows an attacker to authenticate using variations of a valid user name and/or to bypass some of the protection provided by the LockOut Realm)
Release: 22.2, 23.3
The upcoming CABI release 7.9.2.2 will ship with Apache Tomcat 8.5.91, which addresses all of the vulnerabilities listed. It will be released with NetOps 23.3.2.
CABI 7.9.2.2 will ship with Apache Tomcat 8.5.91, which will resolve the 4 listed below that are not covered by CABI 7.9.2 and 7.9.2.1:
CVE-2023-28708 - https://nvd.nist.gov/vuln/detail/CVE-2023-28708 (Tomcat 8.5.0 to 8.5.85)
CVE-2023-24998 - https://nvd.nist.gov/vuln/detail/CVE-2023-24998 (Apache Commons FileUpload before 1.5)
CVE-2022-42252 - https://nvd.nist.gov/vuln/detail/CVE-2022-42252 (Tomcat 8.5.0 to 8.5.82)
CVE-2022-34305 - https://nvd.nist.gov/vuln/detail/CVE-2022-34305 (Tomcat 8.5.50 to 8.5.81)
CABI 7.9.2 and 7.9.2.1 use Apache Tomcat 8.5.81 and are therefore not susceptible to the CVEs below:
CVE-2022-25762 - https://nvd.nist.gov/vuln/detail/cve-2022-25762 (Tomcat 8.5.0 to 8.5.75)
CVE-2022-29885 - https://nvd.nist.gov/vuln/detail/CVE-2022-29885 (Tomcat 8.5.38 to 8.5.78)
CVE-2022-23181 - https://nvd.nist.gov/vuln/detail/CVE-2022-23181 (Tomcat 8.5.55 to 8.5.73)
CVE-2021-43980 - https://nvd.nist.gov/vuln/detail/CVE-2021-43980 (Tomcat 8.5.0 to 8.5.77)
CVE-2021-42340 - https://nvd.nist.gov/vuln/detail/CVE-2021-42340 (Tomcat 8.5.60 to 8.5.71)
CVE-2021-33037 - https://nvd.nist.gov/vuln/detail/CVE-2021-33037 (Tomcat 8.5.0 to 8.5.66)
CVE-2021-30640 - https://nvd.nist.gov/vuln/detail/CVE-2021-30640 (Tomcat 8.5.0 to 8.5.65)
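To confirm which of the listed CVEs still apply to the Tomcat build actually installed on a Jasper Reporting server, the version ranges above can be checked mechanically. The following is an added example, not vendor-supplied code; the function names are hypothetical, the ranges are copied from this article, and the sample "Server version" line is constructed in the format printed by Tomcat's version script.

```python
import re

# Affected Tomcat 8.5.x ranges (inclusive), copied from the list in this article.
# CVE-2023-24998 is listed against Apache Commons FileUpload (before 1.5), not a
# Tomcat range, so it is deliberately not part of this table.
AFFECTED = {
    "CVE-2023-28708": ("8.5.0", "8.5.85"),
    "CVE-2022-42252": ("8.5.0", "8.5.82"),
    "CVE-2022-34305": ("8.5.50", "8.5.81"),
    "CVE-2022-25762": ("8.5.0", "8.5.75"),
    "CVE-2022-29885": ("8.5.38", "8.5.78"),
    "CVE-2022-23181": ("8.5.55", "8.5.73"),
    "CVE-2021-43980": ("8.5.0", "8.5.77"),
    "CVE-2021-42340": ("8.5.60", "8.5.71"),
    "CVE-2021-33037": ("8.5.0", "8.5.66"),
    "CVE-2021-30640": ("8.5.0", "8.5.65"),
}


def parse_version(text):
    """Return (major, minor, patch) from a bare version such as '8.5.81' or
    from a line such as 'Server version: Apache Tomcat/8.5.81'."""
    match = (re.search(r"Apache Tomcat/(\d+)\.(\d+)\.(\d+)", text)
             or re.fullmatch(r"\s*(\d+)\.(\d+)\.(\d+)\s*", text))
    if match is None:
        raise ValueError(f"no Tomcat version found in {text!r}")
    # Compare as integer tuples so that 8.5.9 sorts below 8.5.81.
    return tuple(int(part) for part in match.groups())


def cves_in_range(version_text):
    """List the CVEs from this article whose affected range includes the version."""
    version = parse_version(version_text)
    return sorted(
        cve for cve, (low, high) in AFFECTED.items()
        if parse_version(low) <= version <= parse_version(high)
    )


if __name__ == "__main__":
    # Constructed sample input: the build shipped with CABI 7.9.2 / 7.9.2.1,
    # then the build that ships with CABI 7.9.2.2.
    for line in ("Server version: Apache Tomcat/8.5.81", "8.5.91"):
        print(line, "->", cves_in_range(line) or "none of the listed ranges")
```

A version in range only means the build is affected; the notes in the list above (reverse proxy, FileStore, WebSockets, examples web application) still determine whether the vulnerable feature is in use.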