Vulnerabilities in Tomcat 8.5.30 for CABI


Article ID: 224019


Updated On:

Products

CA Service Operations Insight (SOI)

Issue/Introduction

 

The Security Team has provided information about several vulnerabilities related to Tomcat version 8.5.30, which is used for CABI.

The affected CVEs are:
CVE-2021-33037
CVE-2021-35517
CVE-2021-30639
CVE-2021-30640
CVE-2021-36090
CVE-2021-35516
CVE-2021-35515

The following versions are affected:
Apache Tomcat 8, all versions up to and including Apache Tomcat 8.5.66

A fix is required with the latest Tomcat version, 8.5.69.

Cause

 

This information is specific to the SOI - CABI 7.1.1 integration.

It is not advised for use with other CABI versions or for integration with other Broadcom products.

Environment

 

Release : 4.2

Component : Service Operations Insight (SOI) Manager

Using CABI 7.1.1

Resolution

 
The Tomcat provided with CABI 7.1.1 can be upgraded to 8.5.70 by replacing some files in the existing CABI Tomcat installation.

Follow the steps below.

1. Stop the 'CA Business Intelligence Tomcat' service.

2. Go to the following location:
    CA\SC\CA Business Intelligence\apache-tomcat

3. Take a backup of the above apache-tomcat folder.

4. Download the attached zip file and replace the files under apache-tomcat.

5. Start the 'CA Business Intelligence Tomcat' service.
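
The procedure above as a PowerShell script, with a check of the resulting Tomcat version before the service is restarted. This is an added example, not part of the original article or Broadcom's tooling. Assumptions: `-TomcatHome` is the full path of the apache-tomcat folder on your host, `-PatchZip` is the downloaded attachment, and the zip's top level mirrors the apache-tomcat folder layout.

```powershell
# Added example (not vendor code). Parameter names and the zip layout are assumptions.
param(
    [Parameter(Mandatory)] [string] $TomcatHome,   # full path of the apache-tomcat folder
    [Parameter(Mandatory)] [string] $PatchZip,     # downloaded attachment
    [string] $ServiceDisplayName = 'CA Business Intelligence Tomcat',
    [string] $ExpectedVersion = '8.5.70'
)
$ErrorActionPreference = 'Stop'
Add-Type -AssemblyName System.IO.Compression.FileSystem
$TomcatHome = $TomcatHome.TrimEnd('\')

function Get-TomcatVersion([string] $TomcatPath) {
    # Tomcat records its version as server.number in ServerInfo.properties inside lib\catalina.jar
    $jar = [System.IO.Compression.ZipFile]::OpenRead((Join-Path $TomcatPath 'lib\catalina.jar'))
    try {
        $entry = $jar.GetEntry('org/apache/catalina/util/ServerInfo.properties')
        if (-not $entry) { throw 'ServerInfo.properties not found in catalina.jar' }
        $reader = New-Object System.IO.StreamReader($entry.Open())
        try { $text = $reader.ReadToEnd() } finally { $reader.Dispose() }
    } finally { $jar.Dispose() }
    if ($text -match '(?m)^server\.number=(\d+\.\d+\.\d+)') { return $Matches[1] }
    throw 'server.number not found in ServerInfo.properties'
}

$service = Get-Service -DisplayName $ServiceDisplayName
Write-Host "Tomcat version before: $(Get-TomcatVersion $TomcatHome)"
Write-Host "Patch SHA-256: $((Get-FileHash -Path $PatchZip -Algorithm SHA256).Hash)"

# Stop the service and wait until it has released its files
Stop-Service -InputObject $service
$service.WaitForStatus('Stopped', [TimeSpan]::FromMinutes(2))

# Back up the whole apache-tomcat folder next to the original
$backup = "$TomcatHome.bak-$(Get-Date -Format 'yyyyMMdd-HHmmss')"
Copy-Item -Path $TomcatHome -Destination $backup -Recurse
Write-Host "Backup written to $backup"

# Replace the files under apache-tomcat with the contents of the zip
Expand-Archive -Path $PatchZip -DestinationPath $TomcatHome -Force

# Verify the upgrade before bringing the service back
$actual = Get-TomcatVersion $TomcatHome
if ($actual -ne $ExpectedVersion) {
    throw "Expected Tomcat $ExpectedVersion but found $actual; restore from $backup"
}
Start-Service -InputObject $service
Write-Host "Tomcat $actual is in place and the service has been started"
```

If the version check fails, the service stays stopped and the timestamped backup folder holds the original installation.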

Additional Information

 

 

Attachments

tomcat-8.5.70_1631744003522.zip