RHACS detecting incorrect Springboot Tomcat version leading to false positives
Issue
- The tomcat release being used is
tomcat-embed-core-9.0.74.jar
which comes embedded with springboot, however ACS is reporting with a version name of4.0.fr
. - Why ACS it displaying CVEs of Tomcat versions of 5.5.25 etc when version is a spring boot provided higher version of 9.0.74
Environment
- Red Hat Advance Cluster Security for Kubernetes 3.74.x
- Red Hat OpenShift Container Platform 4.10+
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.