Description
Precondition
- I checked the issues list for existing open or closed reports of the same problem.
Describe the bug
The link to NIST's NVD via https://nvd.nist.gov/vuln/search/results?form_type=Advanced&results_type=overview&search_type=all&cpe_vendor=cpe%3A%2F%3Aapache&cpe_product=cpe%3A%2F%3Aapache%3Astruts&cpe_version=cpe%3A%2F%3Aapache%3Astruts%3A1.2.9 showed 311.310 CVEs
Version of dependency-check used
dependency-check version: 12.1.3
Log file
none
To Reproduce
Scan something e.g. with Apache Struts v1.2.x
Expected behavior
I passed a WAR file to dependency check which contains a defined set of Java libs. Here specifically: ./WEB-INF/lib/struts-1.2.9.jar. So my expectation was to be precise on the software used.
Maybe pass the product (CNA).
Additional context
(not that it matters much: results from MVN are fewer: 4x HIGH (trivy: 2 CVEs MEDIUM))