Overall APM 9.7 to 10.7+ are not impacted by the above Apache Struts vulnerabilities as it doesn't use any of the problematic 2.x versions
1) The APM Webview login page and CEM Tess uses Struts Framework struts version 1.2.7 and 1.2.4 however APM Development team has removed struts dependency starting from 10.5.2 Hotfix # 35.
NOTE: Struts-menu-2.3.jar is Tag library which is not related to struts 2 framework. This Tag library only used at client side to render the menus. No user input will be send to server through these menus.
2) The APM Command Center (ACC) and Agents do not use struts library