The systems vulnerability scan has detected the following tomcat vulnerabilities on SOI manager server.
SOI : 4.2 Cu4
Follow the below steps to apply the same to upgrade tomcat with 9.0.70 version on top of CU4 patch.
1. Stop all SOI services
2. Take backup of the below folders:
-- SOI Manager - \SOI\tomcat
-- SOI UI Server - \SOI\SamUI
3. Extract the downloaded files and overwrite the folders as below (Copy files from attached zip and override to tomcat and SamUI folder)
-- SOI Manager - extracted tomcat folder into \SOI\
-- SOI UI Server - extracted SamUI folder into \SOI\
Attached the Upgrade-tomcat-9.0.70-updated
4. Start the SOI services as per the recommendations given earlier (Reference KB article https://knowledge.broadcom.com/external/article?articleId=135251)
5. Close the browser and SOI console.
6. Re-login the SOI UI server and relaunch the console.
Note : We have updated below jars to support tomcat-9.0.70 version upgrade.
\CA\SOI\SamUI\webapps\sam\lib\soi.common.sam-4.2.0-oneclick.jar
\CA\SOI\SamUI\lib\soi.common.sam-4.2.0-ui.jar
\CA\SOI\tomcat\lib\soi.common.sam-4.2.0-manager.jar
SE plans to include this request of newer Tomcat version to upcoming cumulative. The planning for next cumulative will begin end of Jan/beginning of Feb and could take additional 2-3 months after that to complete depending on testing. In the mean time, VWFS can use the manual steps provided above.