Tomcat Vulnerabilities in ARD
Article ID: 243679
Updated On:
Products
CA Agile Requirements Designer
Issue/Introduction
ARD 3.2 hub server is having Apache-tomcat-9.0.37.
Tomcat is highlighted for Apache Tomcat Denial of Service (DoS) Vulnerability (CVE-2022-29885).
As per https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.63, this issue is fixed on Apache Tomcat 9.0.63.
Please confirm if ARD 3.2 will work without breaking anything with Apache Tomcat 9.0.63?
Environment
Release: 3.2
Component: ARD HUB
Agile Requirements designer
Cause
Third-Party compatibility
Resolution
Tomcat 9.0.63 has been tested to work fine with ARD 3.2.5.
Hence it is suggested to upgrade to ARD 3.2.5 and proceed to use Tomcat 9.0.63.
Additional Information
| Sl. No. | CVE | Manual Installer | Docker installer | Notes |
| 1 | CVE-2022-34305 | Migrate tomcat to 9.0.65 or above | ARD-3.2.5 or above | |
| 2 | CVE-2022-29885 | Migrate tomcat to 9.0.63 or above | ARD-3.2.5 or above | |
| 3 | CVE-2022-42252 | Migrate tomcat to 9.0.69 or above | ARD 3.3 | upcoming release |
| 4 | CVE-2021-43980 | Migrate tomcat to 9.0.61 or above | ARD 3.2 or above | |
| 5 | CVE-2022-29143 | run security patch on mssql database as provided in Microsoft official site |
Not affected | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-29143 |
| 6 | CVE-2022-45143 | Migrate tomcat to 9.0.69 or above | ARD 3.3 | upcoming release |
Feedback
Yes
No
Powered by
