Symptom
A vulnerability scan is reporting Tomcat vulnerability issues in SAP Cloud Connector:
- Apache Tomcat: Low: Apache Tomcat EncryptInterceptor DoS (CVE-2022-29885)
- Apache Tomcat: Low: Apache Tomcat XSS in examples web application (CVE-2022-34305)
- Apache Tomcat: Low: Apache Tomcat-embed-core-9.0.60.jar [cvss: 5.4] (CVE-2022-45143)
- Apache Tomcat: Moderate: Apache Tomcat denial of service (CVE-2023-28709)
- Apache Tomcat: Moderate: Apache Tomcat denial of service (CVE-2023-28708)
- Apache Tomcat: Moderate: Apache Tomcat denial of service (CVE-2023-24998)
- Apache Tomcat: Important: Information disclosure (CVE-2023-34981)
- Apache Tomcat: Low: Important: Request smuggling (CVE-2023-46589)
- Apache Tomcat: Important: Apache Tomcat - denial of service (CVE-2024-24549)
- Apache Tomcat: Important: Apache Tomcat - denial of service (CVE-2024-23672)
- Apache Tomcat: Important: Denial of Service (CVE-2024-34750)
- Apache Tomcat: Apache Tomcat Authentication Bypass Vulnerability (CVE-2024-52316)
- Apache Tomcat: Apache Tomcat Authentication Bypass Vulnerability (CVE-2024-50379)
- Apache Tomcat: Apache Tomcat Denial of Service via Uncontrolled Resource Consumption in Examples App (CVE-2024-54677)
- Apache Tomcat: Apache Tomcat TOCTOU Race Condition in Default Servlet Mitigation Incomplete for CVE-2024-50379 (CVE-2024-56337)
- Apache Tomcat: Apache Tomcat Path Equivalence Vulnerability Enables RCE and Information Disclosure via Write-Enabled Default Servlet (CVE-2025-24813)
- Apache Tomcat: HTTP/2 Data Leakage Vulnerability (CVE-2024-52317)
- Apache Tomcat: Stored XSS in Cosmetics Store v1.0 Allows Arbitrary Script Execution (CVE-2024-31651)
- Apache Tomcat: Stored XSS in Cosmetics Store v1.0 Allows Arbitrary Script Execution (CVE-2024-31650)
- Apache Tomcat: XSS Vulnerability in Cosmetics and Beauty Product Online Store v1.0 via First Name Parameter (CVE-2024-24813)
- Apache Tomcat: Low: CGI security constraint bypass (CVE-2025-46701)
Environment
- SAP Cloud Connector
- BTP Connectivity
Product
SAP S/4HANA 1909
Keywords
Tomcat, CVE-2022-34305, CVE-2022-29885, CVE-2022-45143, JsonErrorReportValve, Cloud connector, SCC, CVE-2023-24998, CVE-2023-34981, CVE-2023-46589, CVE-2024-52316, CVE-2024-50379, CVE-2024-52317, CVE-2024-31651, CVE-2024-31650, CVE-2024-24813, CVE-2025-46701, KBA, BC-MID-SCC, SAP Cloud Connector On-Demand/On-Premise Connectivity, Problem
About this page
This is a preview of a SAP Knowledge Base Article. The full version is available on SAP for Me (login required).