Determine whether the Vantage StoragePoint web client is exposed to the CVE-2025-24813 vulnerability

Article ID: 391523

Updated On:

Products

Vantage Storage Resource Manager

Issue/Introduction

The Vantage web client uses a Tomcat server. Is it exposed to CVE-2025-24813?

Resolution

The DefaultServlet is configured under tomcat_home/conf/web.xml and it does NOT have write permissions enabled by default.

This means the vulnerable code is NOT reachable in the default configuration unless the customer has set the `readonly` property to false, as shown below.

So the Vantage StoragePoint web client is NOT exposed without further configuration changes.

If the customer has changed the configuration, make sure that the `readonly` param-value is not set to false in the tomcat_home/conf/web.xml file:

<param-name>readonly</param-name>
<param-value>false</param-value>

By default, this param-name is not present in the Broadcom-provided web.xml file.

Additional Information