Are any ManageEngine products (like ServicedeskPlus) vulnerable to recent "Ghostcat" exploit?

Are any ManageEngine products (like ServicedeskPlus) vulnerable to recent "Ghostcat" exploit?

i see referenced in this previous post


that some manageengine products are based on Apache Tomcat. given the most recent "ghostcat" exploit that was discovered, what is the eta for updates to use a version of tomcat which has this patched?

Exploit details:


Detailed Analysis:


Are there any steps that customers can take immediately to workaround this issue until a patch is released?



        New to M365 Manager Plus?
        New to M365 Manager Plus?
          New to RecoveryManager Plus?
          New to RecoveryManager Plus?
            New to Exchange Reporter Plus?
            New to Exchange Reporter Plus?
              New to SharePoint Manager Plus?
              New to SharePoint Manager Plus?
                See all integrations
                New to ADManager Plus?
                See all integrations
                New to ADManager Plus?

                  New to ADSelfService Plus?

                  Start your free trial
                  Start your free trial

                        Related Products