Is Spectrum vulnerable to tomcat CVE-2024-52316
search cancel

Is Spectrum vulnerable to tomcat CVE-2024-52316

book

Article ID: 383186

calendar_today

Updated On:

Products

Network Observability Spectrum

Issue/Introduction

We see that there is a new security CVE vulnerability for tomcat which is CVE-2024-52316?  Is CA Spectrum vulnerable to this CVE?

Environment

Spectrum 23.x, 24.x

Cause

Tomcat Vulnerability

Resolution

As confirmed by Spectrum Engineering this vulnerability is only vulnerable if the tomcat uses a JASPIC provider for authentication. 
Spectrum doesn't use/support JASPIC / custom Jakarta AuthProviders, therefore Spectrum is not vulnerable to this CVE.

Powered by Wolken Software