CA Spectrum 10.4.1 is delivered with Apache Tomcat 9.0.24.
Is CA Spectrum affected by vulnerability CVE-2020-9484?
Based on the vulnerability, Tomcat versions 9.0.0.M1 through 9.0.34 are affected.
Spectrum does not use PersistenceManager in Tomcat so is NOT affected by the CVE-2020-9484 vulnerability.
The CVE-2020-9484 vulnerability is addressed in Tomcat version 9.0.35
Although Spectrum 10.4.1 was referenced this holds true for all versions (Spectrum does not use the PersistentManager)