We are seeing some critical and high vulnerabilities in some of the packages which are bundled along with WildFly 32.0.1.Final.

1. dom4j:1.6 --> CVE-2020-10683 (critical)

2. aws-java-sdk-s3:1.11.750 --> CVE-2022-45688 (high)

3. json, version 20201115 --> CVE-2022-45688 (high)

4. undertow-core, version 2.3.12.Final --> CVE-2024-6162 (high)

5. xnio-api, version 3.8.13.Final --> CVE-2023-5685 (high)

6. activemq-artemis-native, version 2.0.0 --> CVE-2022-41678 (high)

7. spring-web, version 6.1.5 --> CVE-2024-22262 (high)

8. wildfly-elytron-realm-token, version 2.2.3.Final --> CVE-2024-1233 (high)

9. soap, version 2.3.1 --> CVE-2022-45378

Any guidance on how we can rectify these vulnerabilities while using WildFly 32.0.1.Final?

Thanks,

Pawan