CVE-2021-43980

🗓️ 28 Sep 2022 00:00:00Reported by apacheType

cve🔗 web.nvd.nist.gov📰️ 7 Media mentions👁 374 Views

CVE-2021-43980 Tomcat 10 and 9.0.47 onwards exposed concurrency bu

Reporter	Title	Published	Views	Family All 155
IBM Security Bulletins	Security Bulletin: IBM Rational Build Forge 8.0.0.24 addresses multiple vulnerabilities by updating Apache Tomcat Server	31 Oct 202315:09	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerabilities in Apache Tomcat, Apache Commons FileUpload and Apache Axis might affect IBM Storage Copy Data Management	22 Mar 202416:05	–	ibm
IBM Security Bulletins	Security Bulletin: Apache Tomcat could allow a remote attacker to obtain sensitive information (CVE-2021-43980)	18 Nov 202219:32	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Sterling Control Center is affected by vulnerability in Apache Tomcat	7 Nov 202407:43	–	ibm
IBM Security Bulletins	Security Bulletin: IBM UrbanCode Release is affected by CVE-2022-42252	20 Jan 202316:11	–	ibm
IBM Security Bulletins	Security Bulletin: IBM UrbanCode Build is affected by CVE-2021-43980	20 Dec 202207:07	–	ibm
IBM Security Bulletins	Security Bulletin: Netcool Operations Insights 1.6.9 addresses multiple security vulnerabilities.	18 Jul 202313:09	–	ibm
IBM Security Bulletins	Security Bulletin: IBM® Engineering Requirements Management DOORS/DWA vulnerabilities addressed in 9.7.2.8	18 Oct 202407:56	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Apache Tomcat	30 Nov 202210:25	–	ibm
Tenable Nessus	Apache Tomcat < 9.0.62 Vulnerability	28 Sep 202200:00	–	nessus

NVD

Vulners

Node

apache tomcatRange8.5.0–8.5.77

apache tomcatRange9.0.0–9.0.60

apache tomcatRange10.0.0–10.0.18

apache tomcatMatch10.1.0milestone1

apache tomcatMatch10.1.0milestone10

apache tomcatMatch10.1.0milestone11

apache tomcatMatch10.1.0milestone12

apache tomcatMatch10.1.0milestone2

apache tomcatMatch10.1.0milestone3

apache tomcatMatch10.1.0milestone4

apache tomcatMatch10.1.0milestone5

apache tomcatMatch10.1.0milestone6

apache tomcatMatch10.1.0milestone7

apache tomcatMatch10.1.0milestone8

apache tomcatMatch10.1.0milestone9

Node

debian debian_linuxMatch10.0

debian debian_linuxMatch11.0

[
  {
    "vendor": "Apache Software Foundation",
    "product": "Apache Tomcat",
    "versions": [
      {
        "version": "10.1.0-M1 to 10.1.0-M12",
        "status": "affected"
      },
      {
        "version": "10.0.0-M1 to 10.0.18",
        "status": "affected"
      },
      {
        "version": "9.0.0-M1 to 9.0.60",
        "status": "affected"
      },
      {
        "version": "8.5.0 to 8.5.77",
        "status": "affected"
      }
    ]
  }
]

Source	Link
debian	www.debian.org/security/2022/dsa-5265
lists	www.lists.debian.org/debian-lts-announce/2022/10/msg00029.html
lists	www.lists.apache.org/thread/3jjqbsp6j88b198x5rmg99b1qr8ht3g3
openwall	www.openwall.com/lists/oss-security/2022/09/28/1

21 May 2025 15:15Current

5.6Medium risk

Vulners AI Score5.6

CVSS 3.13.7

EPSS0.00203

SSVC

CWE-362