Results from mariadb-java-client-2.7.5.jar:
Dependency-Check Failure:
One or more dependencies were identified with vulnerabilities that have a CVSS score greater than or equal to '3,0':
mariadb-java-client-2.7.5.jar: CVE-2020-28912, CVE-2021-46669, CVE-2021-46666, CVE-2021-46667
The provided link describes another issue, I guess already patched: CVE-2021-45046, CVE-2021-44228. This no longer affects us.
https://nvd.nist.gov/vuln/detail/CVE-2020-28912 ->
https://jira.mariadb.org/browse/MDEV-24040 -> fixed in versions 10.1.48, 10.2.35, 10.3.26, 10.4.16, 10.5.7 and higher. If we update our server to a version higher than this, we are good to go, and it can be securely added to the suppression list.
https://nvd.nist.gov/vuln/detail/CVE-2021-46669 ->
https://jira.mariadb.org/browse/MDEV-25638 -> Open! Here I guess we can only wait for a patch.
https://nvd.nist.gov/vuln/detail/CVE-2021-46666 ->
https://jira.mariadb.org/browse/MDEV-25635 -> fixed in versions 10.6.2, 10.2.39, 10.3.30, 10.4.20, 10.5.11 and higher. If we update our server to a version higher than this, we are good to go, and it can be securely added to the suppression list.
https://nvd.nist.gov/vuln/detail/CVE-2021-46667 -> fixed in versions 10.2.41, 10.3.32, 10.4.22, 10.5.13, 10.6.5 and higher. If we update our server to a version higher than this, we are good to go, and it can be securely added to the suppression list.
3 of 4 CVEs can be securely added to the suppression list, but we should have our MariaDB server on the latest stable version.
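
The version gate described in the post above, as an added example that is not part of the original post: it takes a server version string and reports which of the four flagged CVEs are fixed at that level and which must stay unsuppressed. The function names are hypothetical, the input is assumed to be the output of `SELECT VERSION()` (optionally with the `5.5.5-` handshake prefix), and treating branches newer than every listed one as fixed is an assumption.

```python
import re

# Fixed-in versions per release branch, copied from the post above.
# CVE-2021-46669 (MDEV-25638) is listed there as open, so its list is empty.
FIXED_IN = {
    "CVE-2020-28912": ["10.1.48", "10.2.35", "10.3.26", "10.4.16", "10.5.7"],
    "CVE-2021-46669": [],
    "CVE-2021-46666": ["10.2.39", "10.3.30", "10.4.20", "10.5.11", "10.6.2"],
    "CVE-2021-46667": ["10.2.41", "10.3.32", "10.4.22", "10.5.13", "10.6.5"],
}

def parse_version(text):
    """Extract (major, minor, patch) from e.g. '10.5.13-MariaDB-log'."""
    m = re.match(r"\s*(?:5\.5\.5-)?(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(p) for p in m.groups())

def is_fixed(cve, server_version):
    """True if the given server version carries the fix for the CVE."""
    fixes = [parse_version(v) for v in FIXED_IN[cve]]
    if not fixes:
        return False  # still open upstream: nothing to compare against
    server = parse_version(server_version)
    for fix in fixes:
        if fix[:2] == server[:2]:  # same release branch: compare patch level
            return server >= fix
    # Assumption: a branch newer than every listed one was cut after the fix.
    # Older or otherwise unlisted branches are treated as unfixed.
    return server[:2] > max(f[:2] for f in fixes)

def triage(server_version):
    """Split the flagged CVEs into suppressible and must-keep for this server."""
    result = {"suppress": [], "keep": []}
    for cve in FIXED_IN:
        key = "suppress" if is_fixed(cve, server_version) else "keep"
        result[key].append(cve)
    return result

if __name__ == "__main__":
    # Constructed sample version strings, not taken from a real server.
    for v in ("10.5.12-MariaDB", "10.6.5-MariaDB-log"):
        print(v, triage(v))
```

Running this check in the pipeline before the suppression file is applied keeps a suppressed CVE from hiding a server that was later rolled back below the fixed version.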