Is Spectrum Tomcat affected by CVE-2021-25122 and CVE-2021-25329?


Article ID: 209865


Updated On:


CA Spectrum


Is Spectrum Tomcat affected by CVE-2021-25122 and CVE-2021-25329? Is there a hotfix for these CVEs?

Spectrum version:


Release : 20.2

Component : Spectrum Core / SpectroSERVER


1. CVE-2021-25122: This applies to h2c requests, where the server supports HTTP/2 and the request is made in cleartext. Spectrum supports HTTP/1.1 and is hence NOT affected.

2. CVE-2021-25329: This can be exploited when a user gets access to a file on the server. They can later execute that file with scripts/malware in it. This is a possible concern.

Tomcat server 9.0.43 is provided in the next release of Spectrum, and hence these two CVEs are plugged.
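
To confirm the two conditions above on a given Tomcat configuration, the following added example (not from the vendor or from Spectrum) reports cleartext connectors that offer the HTTP/2 upgrade (h2c) and compares a Tomcat version against 9.0.43. It assumes Tomcat's standard way of enabling HTTP/2, a nested `UpgradeProtocol` element in `server.xml`; the sample XML is constructed and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

H2_CLASS = "org.apache.coyote.http2.Http2Protocol"
FIXED = "9.0.43"  # Tomcat version the article says ships in the next Spectrum release

# Constructed sample server.xml fragments (not taken from a Spectrum install).
HTTP11_ONLY = """<Server><Service name="Catalina">
  <Connector port="8080" protocol="HTTP/1.1" connectionTimeout="20000"/>
</Service></Server>"""

H2C_ENABLED = """<Server><Service name="Catalina">
  <Connector port="8080" protocol="HTTP/1.1">
    <UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol"/>
  </Connector>
  <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
             SSLEnabled="true">
    <UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol"/>
  </Connector>
</Service></Server>"""


def h2c_connectors(server_xml: str) -> list:
    """Return ports of cleartext connectors that offer the HTTP/2 upgrade (h2c)."""
    ports = []
    for conn in ET.fromstring(server_xml).iter("Connector"):
        offers_h2 = any(up.get("className") == H2_CLASS
                        for up in conn.findall("UpgradeProtocol"))
        tls = conn.get("SSLEnabled", "false").lower() == "true"
        if offers_h2 and not tls:  # HTTP/2 on a TLS connector is h2, not h2c
            ports.append(conn.get("port", "?"))
    return ports


def at_least(version: str, minimum: str = FIXED) -> bool:
    """Numeric compare of purely dotted versions, e.g. '9.0.41' < '9.0.43'."""
    parse = lambda v: tuple(int(p) for p in v.split("."))
    return parse(version) >= parse(minimum)


if __name__ == "__main__":
    for name, xml in (("http11-only", HTTP11_ONLY), ("h2c-enabled", H2C_ENABLED)):
        print(name, "h2c connectors:", h2c_connectors(xml) or "none")
    print("9.0.41 >= 9.0.43:", at_least("9.0.41"))
```

An empty result from `h2c_connectors` matches the HTTP/1.1-only case described in point 1; the version check only tells you whether the bundled Tomcat has reached 9.0.43.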