Is Control-M/Enterprise Manager 9.0.21 vulnerable to CVE-2024-24549 and CVE-2024-23672?

Is Control-M/Enterprise Manager 9.0.21 vulnerable to CVE-2024-24549 and CVE-2024-23672?

Knowledge Article

Article Number

000428349

Old Article Number

Article Type

Solutions to a Product Problem

Title

Is Control-M/Enterprise Manager 9.0.21 vulnerable to CVE-2024-24549 and CVE-2024-23672?

Summary

Product

Control-M/Enterprise Manager

Component

Control-M/Enterprise Manager

Applies to

Control-M/Enterprise Manager 9.0.21

Problem

Is Control-M/Enterprise Manager 9.0.21 vulnerable to CVE-2024-24549 and CVE-2024-23672?

Cause

CVE-2024-24549 and CVE-2024-23672 vulnerability.

Solution

Control-M/Enterprise Manager 9.0.21 is affected by CVE-2024-24549 and CVE-2024-23672, however you can use the knowledge article below to change the version of tomcat to an unaffected version:
https://bmcsites.force.com/casemgmt/sc_KnowledgeArticle?sfdcid=000403085

Attachment(s):