I've recently upgraded the Workload Automation iDash from 12.0 to 126.96.36.199 ( 12.1.01.00-0334) assuming tomcat vulnerabilities will be fixed however even the upgrade could not fix it. Please advise if there is any other way of getting it fixed.
Apache Tomcat HTTP2 Client Information Disclosure Vulnerability(CVE-2020-13943)
Apache Tomcat Authentication Vulnerability (CVE-2021-30640)
Release : 12.1
We are aware of these vulnerabilities and they will be addressed in the next release of idash. We do not have a release date at this time.
We plan to upgrade Tomcat version from 8.5.57 to 8.5.66 in the next release.
CVE-2020-17527 is fixed in 8.5.60 and CVE-2020-13943 is fixed in Tomcat 8.5.58.