SAP Knowledge Base Article - Preview

3253415 - Vulnerability scan reports Tomcat vulnerabilities in SAP Cloud Connector

Symptom

A vulnerability scan is reporting Tomcat vulnerability issues in SAP Cloud Connector:

  • Apache Tomcat: Low: Apache Tomcat EncryptInterceptor DoS (CVE-2022-29885)
  • Apache Tomcat: Low: Apache Tomcat XSS in examples web application (CVE-2022-34305)
  • Apache Tomcat: Low: Apache Tomcat-embed-core-9.0.60.jar [cvss: 5.4] (CVE-2022-45143)
  • Apache Tomcat: Moderate: Apache Tomcat denial of service (CVE-2023-28709)
  • Apache Tomcat: Moderate: Apache Tomcat denial of service (CVE-2023-28708)
  • Apache Tomcat: Moderate: Apache Tomcat denial of service (CVE-2023-24998)
  • Apache Tomcat: Important: Information disclosure (CVE-2023-34981)
  • Apache Tomcat: Low: Important: Request smuggling (CVE-2023-46589)
  • Apache Tomcat: Important: Apache Tomcat - denial of service (CVE-2024-24549)
  • Apache Tomcat: Important: Apache Tomcat - denial of service (CVE-2024-23672)



Environment

  • SAP Cloud Connector 
  • BTP Connectivity

Product

SAP S/4HANA 1909

Keywords

Tomcat, CVE-2022-34305, CVE-2022-29885, CVE-2022-45143, JsonErrorReportValve, Cloud connector, SCC, CVE-2023-24998, CVE-2023-34981, CVE-2023-46589, KBA, BC-MID-SCC, SAP Cloud Connector On-Demand/On-Premise Connectivity, Problem

About this page

This is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP for Me (Login required).
