The Customer's Smarts implementation does not use the web application.

The vulnerability scan is picking up CVE-2025-24813.  What can be done to mitigate this scan alert in their environment.

10.x Smarts

Customer can configure the scan to whitelist these jar files identified since customer does not use the web application for Smarts.

Alternatively, since customer does not use the Smarts web application, they can remove the files as it won't affect the regular functions.

Apache Tomcat will be upgraded to version 9.0.102 as part of the Smarts 24.3.10 release.