The CA Service Management solution uses Apache Tomcat. Announcements of newly discovered or newly fixed vulnerabilities occur regularly.
For example, the following issue was reported publicly on 6 April 2018 and formally announced as a vulnerability on 22 July 2018.
Title: CVE-2018-1336 Apache Tomcat - Denial of Service
Description: An improper handing of overflow in the UTF-8 decoder with supplementary characters can lead to an infinite loop in the decoder causing a Denial of Service
Affects: 7.0.28 to 7.0.88; 8.5.0 to 8.5.30
CA SDM | CA Service Catalog | CA APM | USS | xFlow Analyst Interface |
(8.5.6) | (8.5.6) | (8.5.6) | (7.0.40) | NA |