App Connect Professional & IBM WebSphere Cast Iron Solution have addressed the following vulnerabilities reported in Apache Tomcat.
CVEID:CVE-2021-24122
**DESCRIPTION:**Apache Tomcat could allow a remote attacker to obtain sensitive information, caused by a flaw when serving resources from a network location using the NTFS file system. By sending a specially-crafted request, an attacker could exploit this vulnerability to view the source code for JSPs in some configurations, and use this information to launch further attacks against the affected system.
CVSS Base score: 8.2
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/194894 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N)
IBM WebSphere Cast Iron Solution v 7.5.0.0, 7.5.0.1, 7.5.1.0
App Connect Professional v 7.5.2.0
App Connect Professional v 7.5.3.0
App Connect Professional v 7.5.4.0
Product | VRMF | APAR | Remediation/First Fix |
---|---|---|---|
IBM WebSphere Cast Iron | 7.5.0.0 | ||
7.5.0.1 | |||
7.5.1.0 | LI81933 | 7510 fixcentral Link | |
App Connect Professional | 7.5.2.0 | LI81933 | 7520 Fixcentral link |
App Connect Professional | 7.5.3.0 | LI81933 | 7530 Fixcentral link |
App Connect Professional | 7.5.4.0 | ||
LI81933 | 7540 Fixcentral link |
None