In regard to the Low: Apache Tomcat EncryptInterceptor DoS
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29885 which is fixed in 
Apache Tomcat 9.0.63, it is being reported as a Low vulnerability on the 
Apache Tomcat website but others (NIST, Tenable) are reporting this 
vulnerability as High as seen below. Could someone please elaborate on this and 
which one is correct?

NIST:
https://nvd.nist.gov/vuln/detail/CVE-2022-29885
Base Score: 7.5 HIGH

Tenable:
https://www.tenable.com/cve/CVE-2022-29885
Severity: HIGH

Our setup:
Apache Tomcat version: 9.0.58
OS: MS Windows Server 2019
Configured within Cognos ReportNet

Thanks,
Jacob DeHaven


