Does CVE-2022-29885 affect DLP Tomcat Apache?

Article ID: 242414


Products

Data Loss Prevention, Data Loss Prevention Enforce

Issue/Introduction

Symantec Data Loss Prevention (DLP): CVE-2022-29885

The above vulnerability is documented to affect Apache Tomcat versions "10.1.0-M1 to 10.1.0-M14, 10.0.0-M1 to 10.0.20, 9.0.13 to 9.0.62 and 8.5.38 to 8.5.78".

A pentest determined that DLP is running a vulnerable version of Apache Tomcat, 9.0.37.

The noted version of the product is vulnerable to attacks per CVE ID: CVE-2022-29885.

Environment

Component: Apache Tomcat v9.0.37

Resolution

DLP is not vulnerable to CVE-2022-29885.
The vulnerability applies to Tomcat deployments that are configured as a cluster and that use the EncryptInterceptor functionality.
DLP does not use Tomcat as a cluster, nor does it use the EncryptInterceptor functionality, so it is not affected.

Furthermore, DLP 16.0 shipped with Tomcat v9.0.63, which is beyond the impacted versions of Tomcat.
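One way to confirm the same three conditions on any Tomcat instance after a scanner flags the version is sketched below. This is an added example, not Broadcom or DLP code: the function names and both `server.xml` samples are constructed for illustration, and the version ranges are the ones quoted in this article.

```python
import re
import xml.etree.ElementTree as ET

ENCRYPT = "org.apache.catalina.tribes.group.interceptors.EncryptInterceptor"
# Affected ranges as quoted in the article (inclusive); 10.1.0 milestones handled below.
RANGES = [((8, 5, 38), (8, 5, 78)), ((9, 0, 13), (9, 0, 62)), ((10, 0, 0), (10, 0, 20))]

def version_in_range(version):
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)(?:-M(\d+))?", version)
    if not m:
        raise ValueError(f"unrecognised Tomcat version: {version}")
    v = tuple(int(x) for x in m.group(1, 2, 3))
    if v == (10, 1, 0):  # only milestone builds 10.1.0-M1 .. 10.1.0-M14 are listed
        return m.group(4) is not None and 1 <= int(m.group(4)) <= 14
    return any(lo <= v <= hi for lo, hi in RANGES)

def assess(server_xml, version):
    """Report each precondition separately; 'exposed' needs all three."""
    root = ET.fromstring(server_xml)      # XML comments are ignored by the parser
    clusters = list(root.iter("Cluster"))  # a Cluster may sit under Engine or Host
    encrypt = any(i.get("className") == ENCRYPT
                  for c in clusters for i in c.iter("Interceptor"))
    in_range = version_in_range(version)
    return {"version_in_range": in_range, "cluster_configured": bool(clusters),
            "encrypt_interceptor": encrypt,
            "exposed": in_range and bool(clusters) and encrypt}

# Constructed sample: stand-alone instance, Cluster element present only as a comment.
STANDALONE = """<Server><Service name="Catalina"><Engine name="Catalina" defaultHost="localhost">
  <!-- <Cluster className="org.apache.catalina.ha.tcp.SimpleTcpCluster"/> -->
  <Host name="localhost" appBase="webapps"/>
</Engine></Service></Server>"""

# Constructed sample: clustered instance with EncryptInterceptor on the channel.
CLUSTERED = """<Server><Service name="Catalina"><Engine name="Catalina" defaultHost="localhost">
  <Cluster className="org.apache.catalina.ha.tcp.SimpleTcpCluster">
    <Channel className="org.apache.catalina.tribes.group.GroupChannel">
      <Interceptor className="org.apache.catalina.tribes.group.interceptors.EncryptInterceptor"/>
    </Channel>
  </Cluster>
</Engine></Service></Server>"""

if __name__ == "__main__":
    for name, xml in (("standalone", STANDALONE), ("clustered", CLUSTERED)):
        print(name, assess(xml, "9.0.37"))
```

A result with `version_in_range` true but `cluster_configured` false matches the situation described in the Resolution: the version is flagged, but the affected feature is not in use.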