Apache Tomcat in JS affected by a vulnerability CVE-2021-30640”
book
Article ID: 269393
calendar_today
Updated On:
Products
Clarity PPM On PremiseClarity PPM SaaS
Issue/Introduction
Our security team detected a vulnerability CVE-2021-30640 on our Apache Tomcat in JS reporting server where the Apache Tomcat version 9.0.37 was installed and suggested we should upgrade the Apache Tomcat version to 9.0.46 or later
Environment
Release : 16.0.2
Resolution
Jaspersoft 7.8 or 8.1.1 is not impacted with the vulnerability
This vulnerability is for JNDI realm and Jaspersoft implementation with clarity JNDI is not used.