vulnerabilities with APM

Article ID: 382985

Updated On:

Products

CA Application Performance Management (APM / Wily / Introscope)

Issue/Introduction

APM is reporting many critical vulnerabilities.

The findings are regarding:

  • Spring Framework < 5.3.39 / 6.0.x < 6.0.23 / 6.1.x < 6.1.12 HTTP Request DoS (CVE-2024-38809)
  • Spring Framework < 5.3.39 Spring Expression DoS (CVE-2024-38808)
  • Spring Framework < 5.3.40 / 6.0.x < 6.0.24 / 6.1.x < 6.1.13 Path Traversal (CVE-2024-38816)

The fix for all of these is "Upgrade to Spring Framework version 5.3.40; 6.0.24; 6.1.13 or later."

There is an additional finding for SSH Server CBC Mode Ciphers Enabled (CVE-2008-5161) which tells us to "Contact the vendor or consult product documentation to disable CBC mode cipher encryption; and enable CTR or GCM cipher mode encryption." 
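A check a defender can use to confirm the CBC finding, added here as an example that is not part of the article or of APM itself: it parses the cipher name-lists an SSH server advertises in its KEXINIT message (RFC 4253) and flags any CBC-mode entries. The two sample packets are constructed inline; against a real server you would feed it the KEXINIT payload captured from the connection instead.

```python
# Added example (not from the Broadcom article): parse the encryption name-lists
# of an SSH_MSG_KEXINIT payload and flag CBC-mode ciphers, the condition behind
# the "SSH Server CBC Mode Ciphers Enabled" finding.
import struct

SSH_MSG_KEXINIT = 20

def _read_name_list(buf: bytes, off: int):
    """Read one RFC 4251 name-list (uint32 length + comma-separated names)."""
    (length,) = struct.unpack_from(">I", buf, off)
    off += 4
    names = buf[off:off + length].decode("ascii")
    return [n for n in names.split(",") if n], off + length

def parse_kexinit(payload: bytes) -> dict:
    """Return the ten KEXINIT name-lists keyed by field (RFC 4253 section 7.1)."""
    if payload[0] != SSH_MSG_KEXINIT:
        raise ValueError("not an SSH_MSG_KEXINIT payload")
    off = 1 + 16  # message number, then the 16-byte random cookie
    fields = ["kex", "host_key", "enc_c2s", "enc_s2c", "mac_c2s", "mac_s2c",
              "comp_c2s", "comp_s2c", "lang_c2s", "lang_s2c"]
    out = {}
    for name in fields:
        out[name], off = _read_name_list(payload, off)
    return out

def cbc_ciphers(kexinit: dict) -> list:
    """Ciphers offered in either direction whose name marks them as CBC mode."""
    offered = set(kexinit["enc_c2s"]) | set(kexinit["enc_s2c"])
    return sorted(c for c in offered if "-cbc" in c)

def build_kexinit(enc: list) -> bytes:
    """Constructed sample KEXINIT carrying the given cipher list (other lists minimal)."""
    def name_list(names):
        data = ",".join(names).encode("ascii")
        return struct.pack(">I", len(data)) + data
    lists = [["diffie-hellman-group14-sha256"], ["ssh-ed25519"], enc, enc,
             ["hmac-sha2-256"], ["hmac-sha2-256"], ["none"], ["none"], [], []]
    body = b"".join(name_list(l) for l in lists)
    # trailing first_kex_packet_follows (boolean) and reserved uint32
    return bytes([SSH_MSG_KEXINIT]) + b"\x00" * 16 + body + b"\x00" + b"\x00" * 4

# Constructed samples: a server still offering CBC, and one trimmed to CTR/GCM only
WEAK = build_kexinit(["aes128-ctr", "aes256-gcm@openssh.com", "aes128-cbc", "3des-cbc"])
FIXED = build_kexinit(["aes128-ctr", "aes256-gcm@openssh.com"])

if __name__ == "__main__":
    for label, pkt in (("before", WEAK), ("after", FIXED)):
        found = cbc_ciphers(parse_kexinit(pkt))
        print(label, "CBC ciphers offered:", ", ".join(found) or "none")
```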

Resolution

These vulnerabilities will be fixed in APM 10.8 SP2. APM 10.8 SP2 will address all critical and high security vulnerabilities, plus other medium and low ones (among other changes).