HTTP/2 (H2) vulnerability CVE-2023-44487, “rapid reset” attack permits a
novel denial of service scenario where a high volume of coordinated HTTP/2
request cancellations can quickly reset many HTTP/2 streams, exhausting server
resources and potentially causing outages.
Release 14.5 CU6
http/2 is used in Web Admin Console and ENC components in Client Automation if SSL is enabled.
This vulnerability can be addressed by upgrading the Tomcat version to 9.0.82.