Hi Aamir,
I recommend you open a support case and provide us with a copy of the vulnerability you are facing. Please provide CA Support with the CVE or any other information that will help us identify the vulnerability. We can then research and verify if the vulnerability is addressed in a newer release of Spectrum.
Chances are any Oracle/Java vulnerability you have in Spectrum 9.4.2, has been addressed in Spectrum 10.2.1. Also, I would like to make you aware that the Spectrum 9.4.0 through Spectrum 9.4.3 is End of Service as of May 31, 2017. So, upgrading to 10.2.1 is highly recommended.
For a complete list of the Life Cycles for the current releases of Spectrum, see https://www.ca.com/us/services-support/ca-support/ca-support-online/product-content/status/support-life-cycle/indexes/ca-spectrum-release-and-support-lifecycle-dates.html
Thank you,
Brad