Is IdM/IPA or RHCS affected by Tomcat vulnerability CVE-2023-24998 or CVE-2023-28708?

Solution Verified - Updated -

Issue

  • Red Hat engineering has investigated two CVE's (CVE-2023-24998 and CVE-2023-28708) potentially affecting Red Hat Identity Management/IPA and Red Hat Certificate system.

Environment

  • Red Hat Enterprise Linux 7, 8, and 9
  • Red Hat Certificate System 9 and 10
  • Identity Management (IPA)
  • Apache Tomcat for IdM or RHCS

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content