6.1 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
0.002 Low
EPSS
Percentile
64.6%
h3. Problem
Apache Tomcat should be upgraded to 9.0.80 or a later version to fix [CVE-2023-41080|https://nvd.nist.gov/vuln/detail/CVE-2023-41080]
h3. Environment
h3. Steps to Reproduce
h3. Workaround
At your own risk, you can manually upgrade Tomcat as instructed on this KB:
{}WARNING{}: Unless still reproducible on official releases, Atlassian Support may refuse support requests for Jira running over unofficial Tomcat versions.
h3. Notes
CPE | Name | Operator | Version |
---|---|---|---|
jira data center | le | 9.11.0 | |
jira data center | lt | 9.12.0 | |
jira data center | lt | 9.4.11 | |
jira data center | lt | 9.11.2 |