CVE-2021-42340 - Apache Tomcat Vulnerability

Article ID: 226664

Updated On:

Products

DX Unified Infrastructure Management (Nimsoft / UIM)

Issue/Introduction

We use UIM 20.30. Are we affected by CVE-2021-42340?

https://nvd.nist.gov/vuln/detail/CVE-2021-42340

Environment

Release : 20.3

Component :

Resolution

UIM 20.30 is not affected by CVE-2021-42340. However, UIM 20.3.3 is affected.

The fix is included in wasp-20.3.3-HF2.zip, which can be downloaded from the following link:

https://support.broadcom.com/download-center/solution-detail.html?aparNo=LU03330&os=MULTI-PLATFORM

This fix will be included in the upcoming release of UIM 20.4 as well. 

Additional Information

What version of Tomcat is service_host or wasp running in UIM