diff --git a/smp-parent-pom/pom.xml b/smp-parent-pom/pom.xml
index 30b43049c7829c39fa6fa5ef73a7e627cf34e1c9..74b0eb7ed54945093f5660a126f65c432356f85a 100644
--- a/smp-parent-pom/pom.xml
+++ b/smp-parent-pom/pom.xml
@@ -49,7 +49,7 @@
         <edelivery.ssl-auth.version>1.8</edelivery.ssl-auth.version>
 
         <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
-        <slf4j.version>1.7.26</slf4j.version>
+        <slf4j.version>1.7.32</slf4j.version>
         <spring.version>5.3.9</spring.version>
         <spring.security.version>5.5.2</spring.security.version>
         <spring.boot.version>2.1.8.RELEASE</spring.boot.version>
@@ -69,6 +69,8 @@
         <javaee-api.version>7.0</javaee-api.version>
         <commons-lang3.version>3.12.0</commons-lang3.version>
         <commons-validator.version>1.7</commons-validator.version>
+        <commons-collections.version>3.2.2</commons-collections.version>
+        <commons-beanutils.version>1.9.4</commons-beanutils.version>
         <junit.version>4.12</junit.version>
         <mockito.version>2.23.4</mockito.version>
         <guava.version>24.1.1-jre</guava.version>
@@ -493,7 +495,20 @@
                 <artifactId>commons-validator</artifactId>
                 <version>${commons-validator.version}</version>
             </dependency>
-
+            <!-- commons-collections and commons-beanutils are transient dependencies of
+            slf4j: 1.7.32 and commons-validator: 1.7
+            they were upgraded because of OWASP reported ISSUE. When upgrading SLF4J check if this is still needed
+          -->
+            <dependency>
+                <groupId>commons-collections</groupId>
+                <artifactId>commons-collections</artifactId>
+                <version>${commons-collections.version}</version>
+            </dependency>
+            <dependency>
+                <groupId>commons-beanutils</groupId>
+                <artifactId>commons-beanutils</artifactId>
+                <version>${commons-beanutils.version}</version>
+            </dependency>
             <dependency>
                 <groupId>commons-io</groupId>
                 <artifactId>commons-io</artifactId>
diff --git a/smp-webapp/src/main/java/eu/europa/ec/edelivery/smp/ui/AuthenticationResource.java b/smp-webapp/src/main/java/eu/europa/ec/edelivery/smp/ui/AuthenticationResource.java
index c40830e59c98c847d0ea5ed0da9d04b7930c1728..ef2a52d16f62eb9074d3e4960ea7e24b3efcddb6 100644
--- a/smp-webapp/src/main/java/eu/europa/ec/edelivery/smp/ui/AuthenticationResource.java
+++ b/smp-webapp/src/main/java/eu/europa/ec/edelivery/smp/ui/AuthenticationResource.java
@@ -51,7 +51,7 @@ public class AuthenticationResource {
 
     private ConfigurationService configurationService;
 
-    public CsrfTokenRepository csrfTokenRepository;
+    private CsrfTokenRepository csrfTokenRepository;
 
     SMPCookieWriter smpCookieWriter;