My project uses different versions of jackson library at a number of places, and a security scanner flagged that the binary is vulnerable to CVE-2018-14721. My reading of https://nvd.nist.gov/vuln/detail/CVE-2018-14721 is that the vulnerability is about deserialization of axis2-jaxws classes resulting in SSRF.
Is this CVE applicable if axis2 is not used in the project? Is this CVE applicable to jackson-mapper-lgpl:1.9.3?