I'm running an older version of Manage Engine 14332 that uses Tomcat 9.0.16
Tenable vulnerability tools are reporting the following Medium severity issues.
Apache Tomcat 8.5.x < 8.5.58 / 9.0.x < 9.0.38 HTTP/2 Request Mix-Up
Apache Tomcat 9.0.0.M1 < 9.0.20 DoS
Apache Tomcat 9.0.0.M1 < 9.0.36 DoS
I had a look at the change history for newer versions but didn't see any mention of a newer Tomcat.
For us, these vulnerabilities are not an issue but it's always good to keep vulnerability reports as clean as possible so in some future version it would be good if you could upgrade Application Manager to use the latest version of Tomcat 9.