UPDATE! Alert! Tomcat Upgrade to 7.0.91 / 8.5.34 for Demantra 12.2.8.0 and earlier to Avoid Securit
THIS is a NEW Security Alert Message for Tomcat users only!
APPLIES TO:
Demantra 12.2.8 and earlier versions using Apache Tomcat as the Application Server
DESCRIPTION:
Tomcat Upgrade to 7.0.91 / 8.5.34 for Demantra 12.2.8.0 and earlier
OCCURRENCE:
Apache Tomcat 9.0.12, 8.5.34, and 7.0.91 address CVE-2018-11784, which is a vulnerability that allows remote attackers to conduct redirect attacks through specially crafted URLs. Its CVSS base score is 4.3 in NVD. CVE-2018-8034 was also addressed in Apache Tomcat 9.0.10, 8.5.32, and 7.0.89.
To avoid the security issues of Tomcat, it is necessary for customers on 12.2.6.2 or earlier versions with Apache Tomcat as the Application Server to upgrade to Tomcat 7.0.91, and for customers on 12.2.6.3 through 12.2.8.0 to upgrade to Tomcat 8.5.34.