The following security vulnerabilities have been identified in CCS Apache Tomcat 9.0.41.

CVE-2021-25122 High NVD CVSS score

CVE-2021-25329 High NVD CVSS score

These security vulnerabilities should not have an impact on CCS Apache Tomcat 9.0.41, as long as the configuration is not altered or compromised.  We recommend not to set the configuration as described in the CVE records.

These security vulnerabilities have been fixed in Apache Tomcat 9.0.43, and are included in Solution LU00654 which updates CCS Apache Tomcat to build 9.0.44. We recommend that you upgrade your CCS Apache Tomcat to this more secure build.