CVE-2018-11784 Apache Tomcat - Open Redirect
Vendor: The Apache Software Foundation
Versions affected:
Apache Tomcat 9.0.0.M1 to 9.0.11
Apache Tomcat 8.5.0 to 8.5.33
Apache Tomcat 7.0.23 to 7.0.90
The unsupported 8.0.x release line has not been analysed but is likely
to be affected.
Is Spectrum impacted by this Vulnerability "CVE-2018-11784"?
This vulnerability affects Apache Tomcat versions 9.0.0.M1 to 9.0.11, 8.5.0 to 8.5.33 and 7.0.23 to 7.0.90.
Spectrum 10.2 uses Tomcat 7.0.72, so it is affected.
Spectrum 10.3 and 10.3.1 use Tomcat 9.0.8, so both are affected.
Note: The impact of this vulnerability is Moderate.
This is fixed in Tomcat 9.0.12 or later, and a Tomcat upgrade is planned for Spectrum 10.3.2.
This will be addressed in Spectrum 10.3.2.