Tomcat vulnerabilities
Hi there,
Endpoint Central shows multiple vulnerabilities in Apache Tomcat (version 8.5.57) in our installation of AD SSP (version 6.1 build 6123). I realize that there several newer releases of AD SSP available, but according to the release notes, Tomcat has not been updated in any of them. These are the vulnerabilities listed:
CVE-2020-17527
CVE-2020-17527
CVE-2021-24122
CVE-2021-25329
CVE-2020-9484
CVE-2021-25122
CVE-2021-42340
CVE-2021-42340
CVE-2021-30639
CVE-2021-41079
CVE-2022-25762
CVE-2022-29885
CVE-2020-13943
CVE-2021-33037
CVE-2021-30640
CVE-2022-23181
CVE-2020-9484
CVE-2022-34305
CVE-2022-42252
CVE-2023-24998
Is ManageEngine planning to update the version of Tomcat bundled with AD SSP to resolve these?
There is a similar issue with AD Manager discussed here: https://pitstop.manageengine.com/portal/en/community/topic/ad-manager-plus-apache-tomcat-vulnerabilities
Can the patch discussed there also be applied to AD SSP to at least bring Tomcat up to 8.5.70?
Thank you.