The AAI v6.5.4 uses spring-core-5.3.19.jar which has the following vulnerabilities.
Product: Automation Analytics & Intelligence 6.5.4 or lower
N/A
The two CVEs mentioned have been fixed as mentioned below.