The CA Service Management solution uses Apache Tomcat. Announcements of newly discovered or newly fixed vulnerabilities occur regularly.
For example, the following issue was reported publicly on 6 April 2018 and formally announced as a vulnerability on 22 July 2018.
Title: CVE-2018-1336 Apache Tomcat - Denial of Service
Description: An improper handling of overflow in the UTF-8 decoder with supplementary characters can lead to an infinite loop in the decoder, causing a Denial of Service.
Affects: 7.0.28 to 7.0.88; 8.5.0 to 8.5.30
CA Service Management 17.1
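To check whether the Tomcat bundled with an installation falls inside the affected ranges listed above, the following added example (not CA or Apache code) parses the "Server version" line that Tomcat's `version.sh` / `version.bat` script prints. The sample output is constructed, the function names are hypothetical, and the ranges are only the ones this page lists.

```python
import re

# Affected ranges exactly as listed on this page (inclusive bounds).
AFFECTED_RANGES = [
    ((7, 0, 28), (7, 0, 88)),
    ((8, 5, 0), (8, 5, 30)),
]

# Constructed sample of the output of Tomcat's bin/version.sh (version.bat).
SAMPLE_VERSION_OUTPUT = """\
Server version: Apache Tomcat/8.5.6
Server number:  8.5.6.0
"""

_VERSION_RE = re.compile(r"Apache Tomcat/(\d+)\.(\d+)\.(\d+)")


def parse_tomcat_version(text):
    """Return (major, minor, patch) from version output, or None if absent."""
    m = _VERSION_RE.search(text)
    return tuple(int(p) for p in m.groups()) if m else None


def is_affected(version):
    """True if the version falls inside one of the ranges listed on this page."""
    return any(low <= version <= high for low, high in AFFECTED_RANGES)


def check(text):
    """Classify version output as 'affected', 'not-listed' or 'unknown'."""
    version = parse_tomcat_version(text)
    if version is None:
        return "unknown"  # never report an unparsed host as clean
    # 'not-listed' only means outside the ranges on this page, not "safe".
    return "affected" if is_affected(version) else "not-listed"


if __name__ == "__main__":
    print(parse_tomcat_version(SAMPLE_VERSION_OUTPUT), check(SAMPLE_VERSION_OUTPUT))
```

A result of `unknown` means the version line could not be parsed and the host should be checked by hand.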
The current point versions of Tomcat are supported as per the following statements in the documentation:
|CA SDM||CA Service Catalog||CA APM||USS||xFlow Analyst Interface|
Please also review the following enhancement Idea in CA Communities:
Title: Add support for the recent version of Tomcat 9.x and JRE 10.x