As a quick workaround for CVE-2016-4970, CVE-2015-2156, all that has to be done is replace netty-all-4.0.26.Final.jar has to be manually replaced with netty-all-4.0.37.Final.jar.
On my system, I found this file in C:\Program Files\CA APM\Introscope10.7.0.35\APMSqlServer\repo