Is CABI 6.3 vulnerable to CVE-2017-12617?
Yes, CABI 6.3 is vulnerable to CVE-2017-12617. You will need to upgrade to CABI 6.4.2 which is available on the CA Spectrum Product page and contains Tomcat 8.5.23 with the vulnerability resolved.
Please reference knowledge article 92749 "CABI Jasper 6.4.2.support for Spectrum 10.2.3
" for more information on upgrading to CABI 6.4.2.