During security scanning of our environment following Vulnerability found in Jira Data Center version 7.10.12.

During brief search on internet found that this is related to Spring Data Rest Library version. 

Any help will be appreciated in resolving or overcoming this CVE.

---------------------------------------------------------

Spring Data REST provides REST web services on top of Spring Data repositories, exposing data structures representing the application model. A Spring Expression Language injection vulnerability identified by CVE-2017-8046 allows remote attackers to achieve remote code execution (RCE) in applications exposing Spring Data REST endpoints. This RCE can be exploited by attackers to invoke arbitrary java commands (e.g. java.lang.Runtime).getRuntime().exec()) which can facilitate arbitrary command execution. The vulnerability is manifested in applications using Spring Data REST library 2.6.8 and earlier.

------------------------------------------------------------

Scanning Details with 

Expression Language Injection: Spring ( 11579 ) View Description

CWE: 94,95

Kingdom: Input Validation and Representation

Page: https://<<JIra-URL>>:443/browse/DCL-429

Request:

PATCH /browse/DCL-429 HTTP/1.1
Referer: https://<<JIra-URL>>/browse/DCL-2
Accept: */*
Pragma: no-cache
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; rv:30.0) Gecko/20100101 Firefox/30.0
Host: <<JIRA-URL>>
Content-Type: application/json-patch+json
Connection: Keep-Alive
Content-Length: 85
X-WIPP: AscVersion=18.10.127.0
X-Scan-Memo: Category="Audit.Attack"; SID="9F705117AF15BD0C9033A9C5A9394EB1";
PSID="35B57D1E4592584348C3E9FF65A68363"; SessionType="AuditAttack"; CrawlType="None";
AttackType="Other"; OriginatingEngineID="10a0aa96-8371-4433-b206-6660f3859642";
AttackSequence="0"; AttackParamDesc=""; AttackParamIndex="0"; AttackParamSubIndex="0";
CheckId="11579"; Engine="Spring+DATARESTEL+Injection"; SmartMode="NonServerSpecificOnly";
ThreadId="1519"; ThreadType="AuditorStateRequestor";
X-RequestManager-Memo: RequestorThreadIndex="0"; sid="175024"; smi="0"; sc="1"; ID="61195b39-
25c4-48f0-ac85-a1ad62e7ee25";
X-Request-Memo: ID="e84556ea-9117-42e7-8ecc-d5fc4e136600"; sc="1"; ThreadId="1519";
Cookie: CustomCookie=WebInspect0
[{"op":"copy","path":"","from":"T(java.util.concurrent.TimeUnit).SECONDS.sleep(10)"}]

Response:

HTTP/1.1 403
Date: Wed, 19 Dec 2018 13:42:52 GMT
Content-Type: text/html;charset=UTF-8
Connection: keep-alive
Server: Apache
X-AREQUESTID: 822x962139x1
X-ANODEID: node2
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Content-Security-Policy: default-src 'self' *.<<AWS-Domain>>; script-src 'self' *.<<AWS-Domain>> 'unsafeinline'
'unsafe-eval'; style-src 'self' *.<<AWS-Domain>> 'unsafe-inline'; img-src 'self' *.<<AWS-Domain>>
data:; connect-src 'self' *.<<AWS-Domain>>; font-src 'self' *.<<AWS-Domain>>; object-src 'self'
*.<<AWS-Domain>>; media-src 'self' *.<<AWS-Domain>>; frame-src 'self' *.<<AWS-Domain>>; child-src 'self'
*.<<AWS-Domain>>; form-action 'self' *.<<AWS-Domain>>;
Cache-Control: max-age=0, no-cache, no-store, must-revalidate, private
Pragma: no-cache
Expires: Wed, 11 Jan 1984 05:00:00 GMT
X-Seraph-LoginReason: AUTHENTICATION_DENIED
WWW-Authenticate: OAuth realm="https%3A%2F%2Fgbs-<<JIRA-URL>>"
X-ASESSIONID: jredio
jXir-aA.uusthdecnatgic.aawtiosn.r-aDye.cnoiemd/-lRogeians.josnp: CAPTCHA_CHALLENGE; login-url=https://<<JIra-URL>>/login.jsp
Content-Length: 18233
Set-Cookie:
AWSALB=emmy5fznvI73hzAb4LZKPp4M582dUE6vlMUJnogrhcEZhVHP3nO/jVGM71lEYjk8Im6p/62I3
n8ppKv7RAV0uQzyX4OXgLBVVAzAT8E00HDQmzEBLqFzbcxaWzC0; Expires=Wed, 26 Dec 2018
13:42:52 GMT; Path=/
Set-Cookie:
AWSALB=cqHEgIWMdUfQAYKL5ua1zcgHYY+bYI9pyr4ZRnWiq+3TT4dlmSLtTnoBxIIzg2uLLH2VgVJA
V7XuMf7LzMZTUfFrJEuqOC/ITTPmBrURcYRJ8CEAwmWn5yJxEm0JnIBr040ozL0JDeGM7gwsPr8M
PNBL5lHf+2nwdOpsaZ9ndAouXkAP6RjUp3TKLfj4KQ==; Expires=Wed, 26 Dec 2018 13:42:52 GMT;
Path=/;HttpOnly;Secure;HttpOnly;Secure
Set-Cookie:
JSESSIONID=92C9BB388EA21FA5C58870D0098C7C75;path=/;Secure;HttpOnly;HttpOnly;Secure;Htt
pOnly;Secure