Vulnerability CVE-2025-24813 calls for Tomcat 9.0.x users to upgrade to a Tomcat version that is 9.0.99 and above



Article ID: 408881


Products

CA Risk Authentication

Issue/Introduction

 

The Advanced Authentication (AA) product is certified for use with the Tomcat 9.0.x web application server. The official NIST document indicates that Tomcat versions below 9.0.99 are vulnerable. This document strongly suggests that users of the Tomcat web application server use only Tomcat version 9.0.99 and above to prevent a critical attack.

Users of the Advanced Authentication product are guided by the AA PSM (Platform Support Matrix), which lists the certified Tomcat application server version as Tomcat 9.0.x. This article emphasizes that, because the critical CVE-2025-24813 exists in Tomcat versions below 9.0.99, Tomcat version 9.0.99 and above should be used.

Resolution

Please upgrade to Tomcat version 9.0.99 or above.
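
One way to check an installed Tomcat against that floor, as an added example that is not part of the original article or any vendor tooling. It assumes the version is taken from the `Server number:` line printed by Tomcat's `bin/version.sh`; the function names and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example (not vendor code): compare a Tomcat 9.0.x version with the
# 9.0.99 floor given in this article. Function names are hypothetical.

MIN_PATCH=99   # from the article: use 9.0.99 and above

# Read `version.sh` output on stdin and print the "Server number" value.
extract_server_number() {
    sed -n 's/^Server number:[[:space:]]*\([0-9][0-9.]*\).*$/\1/p' | head -n 1
}

# Print one verdict for a version string such as 9.0.98 or 9.0.98.0:
#   OK            9.0.x at or above the floor
#   UPGRADE       9.0.x below the floor
#   OUT_OF_SCOPE  not a 9.0.x release (this article only covers 9.0.x)
#   UNPARSEABLE   not a dotted numeric version with at least three parts
check_tomcat_version() {
    case "$1" in
        *[!0-9.]*|.*|*..*|*.) echo UNPARSEABLE; return 0 ;;
        *.*.*) ;;
        *) echo UNPARSEABLE; return 0 ;;
    esac
    major=${1%%.*}; rest=${1#*.}
    minor=${rest%%.*}; rest=${rest#*.}
    patch=${rest%%.*}
    if [ "$major" -ne 9 ] || [ "$minor" -ne 0 ]; then
        echo OUT_OF_SCOPE
    elif [ "$patch" -lt "$MIN_PATCH" ]; then
        # Numeric comparison: 9.0.100 is newer than 9.0.99, which a plain
        # string comparison would get wrong.
        echo UPGRADE
    else
        echo OK
    fi
}

# Constructed sample of `version.sh` output (not captured from a real host).
SAMPLE_OUTPUT='Server version: Apache Tomcat/9.0.98
Server built:   (constructed)
Server number:  9.0.98.0
OS Name:        Linux'

sample_version=$(printf '%s\n' "$SAMPLE_OUTPUT" | extract_server_number)
echo "sample: $sample_version -> $(check_tomcat_version "$sample_version")"
```

On a real host, pipe the output of `"$CATALINA_HOME/bin/version.sh"` into `extract_server_number` in place of the constructed sample.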