iDash 12.1.0.1 Vulnerability related to tomcat

Article ID: 223759

Updated On:

Products

CA Workload Automation iDash

Issue/Introduction

I've recently upgraded the Workload Automation iDash from 12.0 to 12.1.0.1 (12.1.01.00-0334), assuming the Tomcat vulnerabilities would be fixed; however, even the upgrade could not fix them. Please advise if there is any other way of getting them fixed.

Vulnerability:

Apache Tomcat HTTP2 Client Information Disclosure Vulnerability (CVE-2020-13943)

Apache Tomcat Authentication Vulnerability (CVE-2021-30640)

Environment

Release : 12.1

Component :

Resolution

We are aware of these vulnerabilities, and they will be addressed in the next release of iDash. We do not have a release date at this time.

We plan to upgrade the Tomcat version from 8.5.57 to 8.5.66 in the next release.

CVE-2020-17527 is fixed in 8.5.60 and CVE-2020-13943 is fixed in Tomcat 8.5.58.