The following vulnerability was reported for apache tomcat versions
Apache Tomcat versions 10.0.0-M1 to 10.0.0-M9, 9.0.0.M1 to 9.0.39, 8.5.0 to 8.5.59 and 7.0.0 to 7.0.106
Release : 9.x, 20.1, 20.3.0
The problem will be solved in UIM 20.3.3, targeted to be released in the next months.
In UIM 20.3.3, the version of embedded tomcat will be upgraded from 9.0.37 to 9.0.41, which has this vulnerability already solved.