CA TDM Portal component is impacted by the latest tomcat vulnerability CVE-2024-34750?
https://nvd.nist.gov/vuln/detail/CVE-2024-34750
TDM 4.11.x
Improper Handling of Exceptional Conditions, Uncontrolled Resource Consumption vulnerability in Apache Tomcat. When processing an HTTP/2 stream, Tomcat did not handle some cases of excessive HTTP headers correctly. This led to a miscounting of active HTTP/2 streams which in turn led to the use of an incorrect infinite timeout which allowed connections to remain open which should have been closed. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M20, from 10.1.0-M1 through 10.1.24, from 9.0.0-M1 through 9.0.89. Users are recommended to upgrade to version 11.0.0-M21, 10.1.25 or 9.0.90, which fixes the issue.
CA TDM Portal component is impacted by this vulnerability. In the upcoming TDM Portal patch build engineering team will upgrade the bundled Tomcat version to 10.1.25 as suggested in the CVE remediation.
Once released, you can find the latest TDM Portal patch build at below location for download: