7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
0.007 Low
EPSS
Percentile
79.9%
h3. Issue Summary
Apache Tomcat should be upgraded to 9.0.75+ or a later version to fix [CVE-2023-34981|https://nvd.nist.gov/vuln/detail/CVE-2023-34981]
{panel:bgColor=#e3fcef}
Bamboo is not vulnerable to this issue as it does not bundle Apache Tomcat 9.0.74 on any of its releases.
This is an informational ticket to inform customers about the underlying CVE.
{panel}
h3. Environment
h3. Steps to Reproduce
h3. Expected Results
h3. Actual Results
CPE | Name | Operator | Version |
---|---|---|---|
bamboo data center | le | n/a | |
bamboo data center | lt | 9.3.1 | |
bamboo data center | lt | 9.2.4 |