Our security team has raised a concern about the CVEs found regarding SSH. Can you please let us know if there is a fix/hotfix available or any plans to fix this soon?
Our GWs are on v11.1.1 with the December patch applied.
| CVE ID | Vendor Reference |
| --- | --- |
| CVE-2023-28531 | OpenSSH Advisory |
| CVE-2023-38408 | OpenSSH 9.3p2 |

Scanner findings:
- Vulnerable OpenSSH version for sshd(8) detected on port 22 over TCP - SSH-2.0-OpenSSH_9.2p1 Debian-2+deb12u3
- Vulnerable SSH-2.0-OpenSSH_9.2p1 Debian-2+deb12u3 detected on port 22 over TCP.
11.1
It looks like your security scanner only looks at the version and compares it to the OpenSSH version from the openssh website.
OpenSSH says it is fixed in 9.3p2.
Most Linux distributions will not update the whole package to the new release, due to code stability, and will instead backport the change to the current version distributed with the OS release.
Red Hat, SUSE and Debian are doing this, therefore the fixed version is still 9.2.xxx and not 9.3p2 from OpenSSH itself.
See
https://access.redhat.com/security/cve/cve-2023-38408
See the questions at the bottom:
"Why is my security scanner reporting my product as vulnerable to this vulnerability even though my product version is fixed?"
For SUSE:
https://lists.suse.com/pipermail/sle-security-updates/2023-July/015608.html
It has been fixed in
- openssh-common-8.4p1-150300.3.22.1 updated
For Debian, below is the fix list for the current version:
https://security-tracker.debian.org/tracker/source-package/openssh
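To make the reply's point concrete, here is an added example (not from this thread or any vendor): it maps the banner the scanner saw to a Debian package version and compares it with dpkg-style version ordering against the distro's fixed version, instead of comparing the upstream number against 9.3p2. The fixed version string used below is a constructed placeholder; the real one must be read from the Debian tracker linked above.

```python
import re

def _split(v):
    """Split 'epoch:upstream-revision' into its three parts (dpkg rules)."""
    epoch, sep, rest = v.partition(":")
    if not sep:
        epoch, rest = "0", v
    upstream, sep, revision = rest.rpartition("-")
    if not sep:
        upstream, revision = rest, ""
    return int(epoch), upstream, revision

def _order(c):
    # dpkg ordering for non-digit chars: '~' < end-of-string < letters < others
    if c == "~":
        return -1
    if c == "":
        return 0
    return ord(c) if c.isalpha() else ord(c) + 256

def _cmp_part(a, b):
    """Compare upstream or revision strings the way dpkg --compare-versions does."""
    while a or b:
        na, nb = re.match(r"[^0-9]*", a).group(), re.match(r"[^0-9]*", b).group()
        a, b = a[len(na):], b[len(nb):]
        for i in range(max(len(na), len(nb))):
            oa = _order(na[i] if i < len(na) else "")
            ob = _order(nb[i] if i < len(nb) else "")
            if oa != ob:
                return -1 if oa < ob else 1
        da, db = re.match(r"[0-9]*", a).group(), re.match(r"[0-9]*", b).group()
        a, b = a[len(da):], b[len(db):]
        ia, ib = int(da or 0), int(db or 0)
        if ia != ib:
            return -1 if ia < ib else 1
    return 0

def compare_versions(v1, v2):
    """Return -1, 0 or 1 like dpkg --compare-versions lt/eq/gt."""
    e1, u1, r1 = _split(v1)
    e2, u2, r2 = _split(v2)
    if e1 != e2:
        return -1 if e1 < e2 else 1
    return _cmp_part(u1, u2) or _cmp_part(r1, r2)

def banner_to_debian_version(banner):
    """'SSH-2.0-OpenSSH_9.2p1 Debian-2+deb12u3' -> '1:9.2p1-2+deb12u3' (Debian openssh has epoch 1)."""
    m = re.search(r"OpenSSH_(\S+) Debian-(\S+)", banner)
    return f"1:{m.group(1)}-{m.group(2)}" if m else None

def upstream_only_flags(banner, upstream_fixed):
    """What the scanner does: compare the bare upstream number against the OpenSSH release."""
    return compare_versions(_split(banner_to_debian_version(banner))[1], upstream_fixed) < 0

def is_fixed(banner, distro_fixed_version):
    """The right check: installed distro package version >= the distro's backported fix."""
    return compare_versions(banner_to_debian_version(banner), distro_fixed_version) >= 0
```

With the scanner banner from the first post, `upstream_only_flags(banner, "9.3p2")` is True (the false positive) while `is_fixed(banner, "<fixed version from the tracker>")` answers the real question.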