We have a vulnerability scan software which reports any vulnerabilities found within key network. It has recently report few vulnerabilities from servers where CA TDM portal is installed. Below are those vulnerabilities -

1. Delete the default index page and remove the example JSP and servlets. Follow the Tomcat or OWASP instructions to replace or modify the default error page.
2. Upgrade to Apache Tomcat version 7.0.100, 8.5.51, 9.0.31,9.0.43 or later.

I wanted to understand how to delete the default index page and remove example JSP etc. From where can i download the latest version of Apache Tomcat version?

Would there be any impact on running CA TDM portal after upgrading? What are your recommendations in removing the above mentioned vulnerabilities?

Release : 4.8

Component : CA Agile Requirements Designer - TMX Script Generator

Latest 4.9.1 portal includes latest 9.x tomcat version TDMWeb-4.9.306.0.zip.  It is recommended to upgrade to this version or later as it has not been tested to upgrade an old release.