A new High severity vulnerability CVE-2023-44487 has been identified with HTTP/2 protocol which makes the service vulnerable to Denial of Service Attacks(DDoS).
Who are susceptible to this vulnerability
Any HTTP web service/program exposed to the internet with HTTP/2 protocol enabled is susceptible to this vulnerability.
Clarity on SaaS
On Premise Clarity Customers
The HTTP/2 implementation in Tomcat is by default commented out and is not used.
Clarity implementation also uses the HTTP/1.1 protocol on its connector and doesn't use the HTTP/2 protocol.
Mitigation Strategy in case needed by your organization
The mitigation strategy holds true for Jaspersoft as well.