Does CVE-2023-41080 impact CA Advanced Authentication product?
|CVE||CVSS Base Score||CVSS Rating*||Affected Product||Affected Version|
|CVE-2023-41080||Not Available||Medium||Apache Tomcat||11.0.0-M1 to 11.0.0-M10
10.1.0-M1 to 10.1.12
9.0.0-M1 to 9.0.79
8.5.0 to 8.5.92
Release : CA Advanced Authentication 9.1
The CVE-2023-41080 vulnerability is related to URL Redirection to an Untrusted Site, commonly known as an 'Open Redirect' vulnerability, which affects the FORM authentication feature in Apache Tomcat.
The affected versions of Apache Tomcat include:
Apache Tomcat 11.0.0-M1 through 11.0.0-M10
Apache Tomcat 10.1.0-M1 through 10.0.12
Apache Tomcat 9.0.0-M1 through 9.0.79
Apache Tomcat 8.5.0 through 8.5.92
To address this security concern, we recommend the following actions:
Upgrade to the Latest Version of Apache Tomcat in the 9.x Series: If your current version of Apache Tomcat is earlier than 9.0.80, we recommend upgrading to the latest release within the 9.x series. This will ensure that you have the security patches and updates necessary to mitigate the CVE-2023-41080 vulnerability.
Consider Removing the ROOT Folder: The vulnerability is limited to the ROOT (default) web application of Apache Tomcat. If you do not require the ROOT application for your specific use case, we recommend considering the removal of the ROOT folder from your Apache Tomcat installation. This will further reduce the attack surface.
Taking these steps will help enhance the security of your Apache Tomcat installation and protect your system from potential security risks associated with this vulnerability.