As per NVD article https://nvd.nist.gov/vuln/detail/CVE-2020-9484 CVE-2020-9484 is resolved in Apache Tomcat 9.0.35 and above.
Need confirmation if CVE-2020-9484 is resolved in UIM 20.3 and what is the actual Apache Tomcat version included in 20.3.
Release : 20.3
Component : UIM -OC
CVE-2020-9484 is resolved in 20.3 as it is using Tomcat 9.0.37
UIM and OC WASP is using tomcat 9.0.37