Tomcat vulnerabilities

Tomcat vulnerabilities

Hi there,

Endpoint Central shows multiple vulnerabilities in Apache Tomcat (version 8.5.57) in our installation of AD SSP (version 6.1 build 6123). I realize that there several newer releases of AD SSP available, but according to the release notes, Tomcat has not been updated in any of them. These are the vulnerabilities listed:

CVE-2020-17527
CVE-2020-17527
CVE-2021-24122
CVE-2021-25329
CVE-2020-9484
CVE-2021-25122
CVE-2021-42340
CVE-2021-42340
CVE-2021-30639
CVE-2021-41079
CVE-2022-25762
CVE-2022-29885
CVE-2020-13943
CVE-2021-33037
CVE-2021-30640
CVE-2022-23181
CVE-2020-9484
CVE-2022-34305
CVE-2022-42252
CVE-2023-24998

Is ManageEngine planning to update the version of Tomcat bundled with AD SSP to resolve these?


Can the patch discussed there also be applied to AD SSP to at least bring Tomcat up to 8.5.70?

Thank you.

                New to ADSelfService Plus?