Apache Tomcat has published a vulnerability information for CVE-2021-25329.

(1) Does the above vulnerability apply to Spectrum 10.4.1 (Oneclick)?

 CVE-2021-25329 : This can be exploited when a user gets access to a file on the server. Later he can execute the file with scripts/malware on it. This can be a concern.

Release : 10.4.1

Component : Spectrum Core / SpectroSERVER

(1) Does the above vulnerability apply to Spectrum 10.4.1 (Oneclick)?

Ans) Yes.

Note : Spectrum will upgrade to 9.0.43 tomcat in the next release where this issue will be fixed.