Article - CS434845
Impact of CVE-2024-50379 and CVE-2024-56337 on ThingWorx products that utilize Apache Tomcat
Modified: 17-Jan-2025
Applies To
- ThingWorx Platform 9.4 to 9.7
- ThingWorx Global Access Server (GAS) 7.1.4
- ThingWorx Policy Server 7.1.3
Description
- Are any of the ThingWorx products that utilize Apache Tomcat impacted by CVE-2024-50379 and/or CVE-2024-56337?
- What are the impacts of CVE-2024-50379 and/or CVE-2024-56337 on ThingWorx Platform, ThingWorx Global Access Server (GAS) and ThingWorx Policy Server?
- Based on the published CVE details, CVE-2024-50379 is applicable only if the default servlet configuration in Apache Tomcat has been changed and the read-only init parameter of the default servlet is set to the non-default value of false
- Do any ThingWorx products meet these criteria?
- CVE Details