Vulnerability Name:

CVE-2020-17527 (CCN-192612)

Assigned:2020-12-03
Published:2020-12-03
Updated:2022-05-12
Summary:While investigating bug 64830 it was discovered that Apache Tomcat 10.0.0-M1 to 10.0.0-M9, 9.0.0-M1 to 9.0.39 and 8.5.0 to 8.5.59 could re-use an HTTP request header value from the previous stream received on an HTTP/2 connection for the request associated with the subsequent stream. While this would most likely lead to an error and the closure of the HTTP/2 connection, it is possible that information could leak between requests.
CVSS v3 Severity:7.5 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
6.5 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): High
Integrity (I): None
Availibility (A): None
5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
4.6 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): None
Availibility (A): None
CVSS v2 Severity:5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): None
Availibility (A): None
5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): None
Availibility (A): None
Vulnerability Type:CWE-200
Vulnerability Consequences:Obtain Information
References:Source: MITRE
Type: CNA
CVE-2020-17527

Source: CCN
Type: Apache Web site
Apache Tomcat

Source: MLIST
Type: Mailing List, Third Party Advisory
[oss-security] 20201203 [SECURITY] CVE-2020-17527 Apache Tomcat HTTP/2 Request header mix-up

Source: XF
Type: UNKNOWN
apache-cve202017527-info-disc(192612)

Source: MLIST
Type: Mailing List, Vendor Advisory
[tomee-commits] 20201207 [jira] [Assigned] (TOMEE-2936) TomEE plus(7.0.9) is affected by CVE-2020-17527(BDSA-2020-3628) vulnerability.

Source: MLIST
Type: Mailing List, Vendor Advisory
[tomee-commits] 20210319 [jira] [Updated] (TOMEE-2936) TomEE plus(7.0.9) is affected by CVE-2020-17527(BDSA-2020-3628) vulnerability.

Source: MLIST
Type: Mailing List, Vendor Advisory
[tomcat-dev] 20210119 Re: [SECURITY][CORRECTION] CVE-2020-17527 Apache Tomcat HTTP/2 Request header mix-up

Source: MLIST
Type: Mailing List, Vendor Advisory
[tomcat-dev] 20201203 [SECURITY] CVE-2020-17527 Apache Tomcat HTTP/2 Request header mix-up

Source: MLIST
Type: Mailing List, Vendor Advisory
[tomee-commits] 20201207 [jira] [Created] (TOMEE-2936) TomEE plus(7.0.9) is affected by CVE-2020-17527(BDSA-2020-3628) vulnerability.

Source: MLIST
Type: Mailing List, Vendor Advisory
[guacamole-issues] 20201206 [jira] [Commented] (GUACAMOLE-1229) Fix in Dockerhub for latest CVE-2020-17527

Source: MLIST
Type: Mailing List, Vendor Advisory
[announce] 20210119 Re: [SECURITY][CORRECTION] CVE-2020-17527 Apache Tomcat HTTP/2 Request header mix-up

Source: MLIST
Type: Mailing List, Vendor Advisory
[tomcat-announce] 20210119 Re: [SECURITY][CORRECTION] CVE-2020-17527 Apache Tomcat HTTP/2 Request header mix-up

Source: MLIST
Type: Mailing List, Vendor Advisory
[tomcat-dev] 20201203 svn commit: r1884073 - in /tomcat/site/trunk: docs/security-10.html docs/security-8.html docs/security-9.html xdocs/security-10.xml xdocs/security-8.xml xdocs/security-9.xml

Source: MLIST
Type: Mailing List, Vendor Advisory
[guacamole-issues] 20201206 [jira] [Created] (GUACAMOLE-1229) Fix in Dockerhub for latest CVE-2020-17527

Source: MLIST
Type: Mailing List, Vendor Advisory
[tomcat-users] 20210119 Re: [SECURITY][CORRECTION] CVE-2020-17527 Apache Tomcat HTTP/2 Request header mix-up

Source: MLIST
Type: Mailing List, Vendor Advisory
[tomcat-dev] 20210114 svn commit: r1885488 - in /tomcat/site/trunk: docs/security-10.html docs/security-7.html docs/security-8.html docs/security-9.html xdocs/security-10.xml xdocs/security-7.xml xdocs/security-8.xml xdocs/security-9.xml

Source: MISC
Type: Mailing List, Vendor Advisory
https://lists.apache.org/thread.html/rce5ac9a40173651d540babce59f6f3825f12c6d4e886ba00823b11e5%40%3Cannounce.tomcat.apache.org%3E

Source: MLIST
Type: Mailing List, Vendor Advisory
[announce] 20201203 [SECURITY] CVE-2020-17527 Apache Tomcat HTTP/2 Request header mix-up

Source: MLIST
Type: Mailing List, Vendor Advisory
[tomcat-announce] 20201203 [SECURITY] CVE-2020-17527 Apache Tomcat HTTP/2 Request header mix-up

Source: MLIST
Type: Mailing List, Vendor Advisory
[tomcat-users] 20201203 [SECURITY] CVE-2020-17527 Apache Tomcat HTTP/2 Request header mix-up

Source: MLIST
Type: Mailing List, Third Party Advisory
[debian-lts-announce] 20201216 [SECURITY] [DLA 2495-1] tomcat8 security update

Source: CCN
Type: oss-sec Mailing List, Thu, 3 Dec 2020 18:07:07 +0000
CVE-2020-17527 Apache Tomcat HTTP/2 Request header mix-up

Source: GENTOO
Type: Third Party Advisory
GLSA-202012-23

Source: CONFIRM
Type: Third Party Advisory
https://security.netapp.com/advisory/ntap-20201210-0003/

Source: DEBIAN
Type: Third Party Advisory
DSA-4835

Source: CCN
Type: IBM Security Bulletin 6410788 (Data Risk Manager)
IBM Data Risk Manager is affected by multiple vulnerabilities

Source: CCN
Type: IBM Security Bulletin 6434169 (App Connect Professional)
App Connect Professional is affected by Apache Tomcat vulnerabilities.

Source: CCN
Type: IBM Security Bulletin 6453463 (Control Center)
Multiple Apache Tomcat Vulnerabilities Affect IBM Control Center

Source: CCN
Type: IBM Security Bulletin 6475673 (QRadar SIEM)
IBM QRadar SIEM is vulnerable to Using Components with Known Vulnerabilities

Source: CCN
Type: IBM Security Bulletin 6550782 (UrbanCode Release)
IBM UrbanCode Release is affected by CVE-2020-17527

Source: N/A
Type: Patch, Third Party Advisory
N/A

Source: CCN
Type: Oracle Critical Patch Update Advisory - April 2021
Oracle Critical Patch Update Advisory - April 2021

Source: MISC
Type: Patch, Third Party Advisory
https://www.oracle.com/security-alerts/cpuApr2021.html

Source: CCN
Type: Oracle CPUApr2022
Oracle Critical Patch Update Advisory - April 2022

Source: MISC
Type: Patch, Third Party Advisory
https://www.oracle.com/security-alerts/cpuapr2022.html

Source: CCN
Type: Oracle CPUJan2022
Oracle Critical Patch Update Advisory - January 2022

Source: MISC
Type: Patch, Third Party Advisory
https://www.oracle.com/security-alerts/cpujan2022.html

Source: CCN
Type: Oracle CPUJul2021
Oracle Critical Patch Update Advisory - July 2021

Vulnerable Configuration:Configuration 1:
  • cpe:/a:apache:tomcat:9.0.0:milestone10:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:9.0.0:milestone11:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:9.0.0:milestone12:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:9.0.0:milestone13:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:9.0.0:milestone14:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:9.0.0:milestone15:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:9.0.0:milestone16:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:9.0.0:milestone17:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:9.0.0:milestone18:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:9.0.0:milestone19:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:9.0.0:milestone20:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:9.0.0:milestone21:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:9.0.0:milestone22:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:9.0.0:milestone23:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:9.0.0:milestone24:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:9.0.0:milestone25:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:9.0.0:milestone26:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:9.0.0:milestone27:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:9.0.0:milestone5:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:9.0.0:milestone6:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:9.0.0:milestone7:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:9.0.0:milestone8:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:9.0.0:milestone9:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:9.0.36:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:10.0.0:milestone1:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:10.0.0:milestone2:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:10.0.0:milestone3:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:10.0.0:milestone4:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:10.0.0:milestone5:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:10.0.0:milestone6:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:*:*:*:*:*:*:*:* (Version >= 8.5.1 and <= 8.5.59)
  • OR cpe:/a:apache:tomcat:*:*:*:*:*:*:*:* (Version >= 9.0.1 and <= 9.0.35)
  • OR cpe:/a:apache:tomcat:9.0.35-3.39.1:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:9.0.35-3.57.3:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:9.0.37:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:9.0.38:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:9.0.39:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:10.0.0:milestone7:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:10.0.0:milestone8:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:10.0.0:milestone9:*:*:*:*:*:*

  • Configuration 2:
  • cpe:/a:netapp:oncommand_system_manager:*:*:*:*:*:*:*:* (Version >= 3.0.0 and <= 3.1.3)
  • OR cpe:/a:netapp:element_plug-in:-:*:*:*:*:vcenter_server:*:*

  • Configuration 3:
  • cpe:/o:debian:debian_linux:9.0:*:*:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:10.0:*:*:*:*:*:*:*

  • Configuration 4:
  • cpe:/a:oracle:instantis_enterprisetrack:17.1:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:instantis_enterprisetrack:17.2:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:instantis_enterprisetrack:17.3:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:sd-wan_edge:9.0:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:workload_manager:18c:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:workload_manager:19c:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:* (Version < 8.0.23)
  • OR cpe:/a:oracle:communications_cloud_native_core_binding_support_function:1.10.0:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:communications_cloud_native_core_policy:1.14.0:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:communications_instant_messaging_server:10.0.1.5.0:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:blockchain_platform:*:*:*:*:*:*:*:* (Version < 21.1.2)

  • Configuration CCN 1:
  • cpe:/a:apache:tomcat:10.0.0:m1:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:8.5.1:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:9.0.0:m5:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:8.5.59:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:9.0.39:*:*:*:*:*:*:*
  • AND
  • cpe:/a:oracle:instantis_enterprisetrack:17.1:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:instantis_enterprisetrack:17.2:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:database_server:18:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:instantis_enterprisetrack:17.3:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:qradar_security_information_and_event_manager:7.3.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:app_connect:7.5.3.0:*:*:*:professional:*:*:*
  • OR cpe:/a:oracle:database_server:19c:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:data_risk_manager:2.0.6:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:qradar_security_information_and_event_manager:7.4.0:-:*:*:*:*:*:*
  • OR cpe:/a:ibm:control_center:6.2.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:qradar_security_information_and_event_manager:7.4.3:-:*:*:*:*:*:*
  • OR cpe:/a:ibm:qradar_security_information_and_event_manager:7.3.3:p8:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.opensuse.security:def:8171
    P
    Security update for golang-github-prometheus-prometheus (Important)
    2023-06-21
    oval:org.opensuse.security:def:8142
    P
    Security update for jetty-minimal (Moderate)
    2023-06-19
    oval:org.opensuse.security:def:51958
    P
    Security update for grub2 (Important)
    2022-11-21
    oval:org.opensuse.security:def:643
    P
    Security update for python-paramiko (Important) (in QA)
    2022-09-30
    oval:org.opensuse.security:def:3544
    P
    libFLAC++6-1.3.0-11.1 on GA media (Moderate)
    2022-06-28
    oval:org.opensuse.security:def:95174
    P
    tomcat-9.0.36-150200.22.1 on GA media (Moderate)
    2022-06-22
    oval:org.opensuse.security:def:113536
    P
    tomcat-9.0.36-8.4 on GA media (Moderate)
    2022-01-17
    oval:org.opensuse.security:def:5922
    P
    Security update for openexr (Moderate)
    2021-12-01
    oval:org.opensuse.security:def:106932
    P
    tomcat-9.0.36-8.4 on GA media (Moderate)
    2021-10-01
    oval:org.opensuse.security:def:2329
    P
    tomcat-9.0.36-3.24.1 on GA media (Moderate)
    2021-08-10
    oval:org.opensuse.security:def:101419
    P
    tomcat-9.0.36-3.24.1 on GA media (Moderate)
    2021-08-10
    oval:org.opensuse.security:def:63418
    P
    tomcat-9.0.36-3.24.1 on GA media (Moderate)
    2021-08-10
    oval:org.opensuse.security:def:102183
    P
    Security update for nginx (Important)
    2021-05-31
    oval:org.opensuse.security:def:110675
    P
    Security update for tomcat (Moderate)
    2021-01-16
    oval:org.opensuse.security:def:111274
    P
    Security update for tomcat (Moderate)
    2021-01-11
    oval:org.opensuse.security:def:10189
    P
    Security update for tomcat (Moderate)
    2021-01-07
    oval:org.opensuse.security:def:94208
    P
    (Moderate)
    2021-01-07
    oval:org.opensuse.security:def:102826
    P
    Security update for tomcat (Moderate)
    2021-01-07
    oval:org.opensuse.security:def:104855
    P
    Security update for tomcat (Moderate)
    2021-01-07
    oval:org.opensuse.security:def:97206
    P
    Security update for tomcat (Moderate)
    2021-01-07
    oval:org.opensuse.security:def:69260
    P
    Security update for tomcat (Moderate)
    2021-01-07
    oval:org.opensuse.security:def:98165
    P
    Security update for tomcat (Moderate)
    2021-01-07
    oval:org.opensuse.security:def:91823
    P
    Security update for tomcat (Moderate)
    2021-01-07
    oval:org.opensuse.security:def:66493
    P
    Security update for tomcat (Moderate)
    2021-01-07
    oval:org.opensuse.security:def:75561
    P
    Security update for tomcat (Moderate)
    2021-01-07
    oval:org.opensuse.security:def:94419
    P
    (Moderate)
    2021-01-07
    oval:org.opensuse.security:def:5404
    P
    Security update for tomcat (Moderate)
    2021-01-07
    oval:org.opensuse.security:def:100696
    P
    (Moderate)
    2021-01-07
    oval:org.opensuse.security:def:108849
    P
    Security update for tomcat (Moderate)
    2021-01-07
    oval:org.opensuse.security:def:97207
    P
    Security update for tomcat (Moderate)
    2021-01-07
    oval:org.opensuse.security:def:69575
    P
    Security update for tomcat (Moderate)
    2021-01-07
    oval:org.opensuse.security:def:8688
    P
    Security update for tomcat (Moderate)
    2021-01-07
    oval:org.opensuse.security:def:93782
    P
    (Moderate)
    2021-01-07
    oval:org.opensuse.security:def:98773
    P
    Security update for tomcat (Moderate)
    2021-01-07
    oval:org.opensuse.security:def:95470
    P
    Security update for tomcat (Moderate)
    2021-01-07
    oval:org.opensuse.security:def:67011
    P
    Security update for tomcat (Moderate)
    2021-01-07
    oval:org.opensuse.security:def:76079
    P
    Security update for tomcat (Moderate)
    2021-01-07
    oval:org.opensuse.security:def:109492
    P
    Security update for tomcat (Moderate)
    2021-01-07
    oval:org.opensuse.security:def:97208
    P
    Security update for tomcat (Moderate)
    2021-01-07
    oval:org.opensuse.security:def:70329
    P
    Security update for tomcat (Moderate)
    2021-01-07
    oval:org.opensuse.security:def:9435
    P
    Security update for tomcat (Moderate)
    2021-01-07
    oval:org.opensuse.security:def:93997
    P
    (Moderate)
    2021-01-07
    oval:org.opensuse.security:def:96136
    P
    Security update for tomcat (Moderate)
    2021-01-07
    oval:org.opensuse.security:def:69231
    P
    Security update for tomcat (Moderate)
    2021-01-07
    oval:org.opensuse.security:def:118588
    P
    Security update for tomcat (Moderate)
    2021-01-07
    oval:org.opensuse.security:def:91200
    P
    Security update for tomcat (Moderate)
    2021-01-07
    oval:org.opensuse.security:def:88190
    P
    Security update for tomcat (Moderate)
    2021-01-05
    oval:org.opensuse.security:def:59539
    P
    Security update for tomcat (Moderate)
    2021-01-05
    oval:org.opensuse.security:def:125603
    P
    Security update for tomcat (Moderate)
    2021-01-05
    oval:org.opensuse.security:def:33716
    P
    Security update for tomcat (Moderate)
    2021-01-05
    oval:org.opensuse.security:def:88506
    P
    Security update for tomcat (Moderate)
    2021-01-05
    oval:org.opensuse.security:def:59797
    P
    Security update for tomcat (Moderate)
    2021-01-05
    oval:org.opensuse.security:def:126770
    P
    Security update for tomcat (Moderate)
    2021-01-05
    oval:org.opensuse.security:def:33974
    P
    Security update for tomcat (Moderate)
    2021-01-05
    oval:org.opensuse.security:def:89194
    P
    Security update for tomcat (Moderate)
    2021-01-05
    oval:org.opensuse.security:def:60360
    P
    Security update for tomcat (Moderate)
    2021-01-05
    oval:org.opensuse.security:def:127167
    P
    Security update for tomcat (Moderate)
    2021-01-05
    oval:org.opensuse.security:def:34537
    P
    Security update for tomcat (Moderate)
    2021-01-05
    oval:org.opensuse.security:def:23970
    P
    Security update for tomcat (Moderate)
    2021-01-05
    oval:org.opensuse.security:def:89452
    P
    Security update for tomcat (Moderate)
    2021-01-05
    BACK
    apache tomcat 9.0.0 milestone10
    apache tomcat 9.0.0 milestone11
    apache tomcat 9.0.0 milestone12
    apache tomcat 9.0.0 milestone13
    apache tomcat 9.0.0 milestone14
    apache tomcat 9.0.0 milestone15
    apache tomcat 9.0.0 milestone16
    apache tomcat 9.0.0 milestone17
    apache tomcat 9.0.0 milestone18
    apache tomcat 9.0.0 milestone19
    apache tomcat 9.0.0 milestone20
    apache tomcat 9.0.0 milestone21
    apache tomcat 9.0.0 milestone22
    apache tomcat 9.0.0 milestone23
    apache tomcat 9.0.0 milestone24
    apache tomcat 9.0.0 milestone25
    apache tomcat 9.0.0 milestone26
    apache tomcat 9.0.0 milestone27
    apache tomcat 9.0.0 milestone5
    apache tomcat 9.0.0 milestone6
    apache tomcat 9.0.0 milestone7
    apache tomcat 9.0.0 milestone8
    apache tomcat 9.0.0 milestone9
    apache tomcat 9.0.36
    apache tomcat 10.0.0 milestone1
    apache tomcat 10.0.0 milestone2
    apache tomcat 10.0.0 milestone3
    apache tomcat 10.0.0 milestone4
    apache tomcat 10.0.0 milestone5
    apache tomcat 10.0.0 milestone6
    apache tomcat *
    apache tomcat *
    apache tomcat 9.0.35-3.39.1
    apache tomcat 9.0.35-3.57.3
    apache tomcat 9.0.37
    apache tomcat 9.0.38
    apache tomcat 9.0.39
    apache tomcat 10.0.0 milestone7
    apache tomcat 10.0.0 milestone8
    apache tomcat 10.0.0 milestone9
    netapp oncommand system manager *
    netapp element plug-in -
    debian debian linux 9.0
    debian debian linux 10.0
    oracle instantis enterprisetrack 17.1
    oracle instantis enterprisetrack 17.2
    oracle instantis enterprisetrack 17.3
    oracle sd-wan edge 9.0
    oracle workload manager 18c
    oracle workload manager 19c
    oracle mysql enterprise monitor *
    oracle communications cloud native core binding support function 1.10.0
    oracle communications cloud native core policy 1.14.0
    oracle communications instant messaging server 10.0.1.5.0
    oracle blockchain platform *
    apache tomcat 10.0.0 m1
    apache tomcat 8.5.1
    apache tomcat 9.0.0 m5
    apache tomcat 8.5.59
    apache tomcat 9.0.39
    oracle instantis enterprisetrack 17.1
    oracle instantis enterprisetrack 17.2
    oracle database server 18
    oracle instantis enterprisetrack 17.3
    ibm qradar security information and event manager 7.3.0
    ibm app connect 7.5.3.0
    oracle database server 19c
    ibm data risk manager 2.0.6
    ibm qradar security information and event manager 7.4.0
    ibm control center 6.2.0.0
    ibm qradar security information and event manager 7.4.3 -
    ibm qradar security information and event manager 7.3.3 p8