Is CA Spectrum 10.4.1 afftected by vulnerability CVE-2020-9484?
Article ID: 191595
Updated On:
Products
CA Spectrum
CA eHealth
Issue/Introduction
CA Spectrum 10.4.1 is delivered with Apache Tomcat 9.0.24.
Is CA Spectrum affected by vulnerability CVE-2020-9484?
https://nvd.nist.gov/vuln/detail/CVE-2020-9484
https://www.tenable.com/cve/CVE-2020-9484
Based on the vulnerability, Tomcat versions 9.0.0.M1 through 9.0.34 are affected.
Is CA Spectrum affected by vulnerability CVE-2020-9484?
https://nvd.nist.gov/vuln/detail/CVE-2020-9484
https://www.tenable.com/cve/CVE-2020-9484
Based on the vulnerability, Tomcat versions 9.0.0.M1 through 9.0.34 are affected.
Environment
Spectrum 10.4.1
Resolution
Spectrum does not use PersistenceManager in Tomcat so is NOT affected by the CVE-2020-9484 vulnerability.
Additional Information
The CVE-2020-9484 vulnerability is addressed in Tomcat version 9.0.35
https://tomcat.apache.org/security-9.html
Although Spectrum 10.4.1 was referenced this holds true for all versions (Spectrum does not use the PersistentManager)
Feedback
Yes
No
Powered by
