Tomcat Vulnerabilities in ARD
search cancel

Tomcat Vulnerabilities in ARD


Article ID: 243679


Updated On:


CA Agile Requirements Designer


ARD 3.2 hub server is having Apache-tomcat-9.0.37. 

Tomcat is highlighted for Apache Tomcat Denial of Service (DoS) Vulnerability (CVE-2022-29885).

As per, this issue is fixed on Apache Tomcat 9.0.63.

Please confirm if ARD 3.2  will work without breaking anything with Apache Tomcat 9.0.63?



Release: 3.2

Component: ARD HUB
Agile Requirements designer


Third-Party compatibility


Tomcat 9.0.63 has been tested to work fine with ARD 3.2.5.
Hence it is suggested to upgrade to ARD 3.2.5 and proceed to use Tomcat 9.0.63.

Additional Information

Sl. No. CVE Manual Installer Docker installer Notes
1 CVE-2022-34305 Migrate tomcat to 9.0.65 or above  ARD-3.2.5 or above  
2 CVE-2022-29885 Migrate tomcat to 9.0.63 or above  ARD-3.2.5 or above  
3 CVE-2022-42252 Migrate tomcat to 9.0.69 or above  ARD 3.3 upcoming release
4 CVE-2021-43980 Migrate tomcat to 9.0.61 or above  ARD 3.2 or above  
5 CVE-2022-29143 run security patch on mssql database as
provided in Microsoft official site 
Not affected
6 CVE-2022-45143 Migrate tomcat to 9.0.69 or above  ARD 3.3 upcoming release