Is Spectrum vulnerable to CVE-2023-46589?

Article ID: 276844

Products

DX NetOps

Issue/Introduction

This article provides information about the CVE-2023-46589 vulnerability in Spectrum.

Environment

All Spectrum supported versions

Cause

The following Tomcat versions are affected by this vulnerability:

11.0.0-M1 to 11.0.0-M10
10.1.0-M1 to 10.1.15
9.0.0-M1 to 9.0.82
8.5.0 to 8.5.95

The fixed versions are:

11.0.0-M11
10.1.16
9.0.83
8.5.96

Resolution

The latest Spectrum version (23.3.4, released in November 2023) ships with Tomcat 9.0.82, which is still vulnerable.

The next Spectrum version (23.3.5) will ship with Tomcat 9.0.83, which is not vulnerable.
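
To check which Tomcat build a given Spectrum host is running against the ranges listed under Cause, the following added example (not Broadcom's code) compares a version string with those ranges. The function names and the sample output are constructed for illustration; the only assumption about Tomcat is that its version output contains "Apache Tomcat/x.y.z".

```python
import re

# Affected ranges for CVE-2023-46589 as listed in this article (inclusive).
AFFECTED = [
    ("11.0.0-M1", "11.0.0-M10"),
    ("10.1.0-M1", "10.1.15"),
    ("9.0.0-M1", "9.0.82"),
    ("8.5.0", "8.5.95"),
]

# Accepts x.y.z, x.y.z.n (the "Server number" form) and x.y.z-Mn milestones.
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:\.\d+)?(?:-M(\d+))?$")

# Constructed sample of Tomcat version output, for offline use.
SAMPLE_OUTPUT = """Server version: Apache Tomcat/9.0.82
Server number:  9.0.82.0
"""

def parse(version):
    """Return a sortable key; milestones (-Mn) sort before the final release."""
    m = _VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised Tomcat version: {version!r}")
    major, minor, patch, milestone = m.groups()
    # Compare milestone numbers as integers so that M10 sorts after M5;
    # a final release (1, 0) sorts after every milestone (0, n).
    stage = (0, int(milestone)) if milestone else (1, 0)
    return (int(major), int(minor), int(patch)) + stage

def is_affected(version):
    """True if the version lies inside one of the ranges listed above.

    False only means the version is outside the listed ranges.
    """
    key = parse(version)
    return any(parse(lo) <= key <= parse(hi) for lo, hi in AFFECTED)

def version_from_output(text):
    """Extract x.y.z from a line such as 'Server version: Apache Tomcat/9.0.82'."""
    m = re.search(r"Apache Tomcat/(\S+)", text)
    if not m:
        raise ValueError("no 'Apache Tomcat/<version>' string found")
    return m.group(1)

if __name__ == "__main__":
    found = version_from_output(SAMPLE_OUTPUT)
    print(found, "affected" if is_affected(found) else "not in an affected range")
```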

Additional Information

What Tomcat versions are shipped with Spectrum?
https://knowledge.broadcom.com/external/article/272006