UNCLASSIFIED - NO CUI

chore(findings): tomcat9-openjdk11

Summary

tomcat9-openjdk11 has 90 new findings discovered during continuous monitoring.

Layer: tomcat9-openjdk11:9.0.108 is EOL, please update if possible

More information can be found in the VAT located here: https://vat.dso.mil/vat/image?imageName=tomcat9-openjdk11&tag=9.0.108&branch=master

EPSS (Exploit Prediction Scoring System) provides an estimate of the likelihood that a vulnerability will be exploited in the wild.

KEV (Known Exploited Vulnerabilities) indicates whether a vulnerability is actively being exploited according to CISA.

id source severity package impact workaround epss_score kev
CVE-2023-2650 Twistlock CVE Low openssl-1.1.1k-14.el8_6 0.88208 false
CVE-2023-2650 Anchore CVE Medium openssl-libs-1:1.1.1k-14.el8_6 0.88208 false
CVE-2020-19188 Twistlock CVE Low ncurses-6.1-10.20180224.el8 0.06200 false
CVE-2020-19188 Anchore CVE Low ncurses-libs-6.1-10.20180224.el8 0.06200 false
CVE-2020-19186 Twistlock CVE Low ncurses-6.1-10.20180224.el8 0.04961 false
CVE-2020-19186 Anchore CVE Low ncurses-libs-6.1-10.20180224.el8 0.04961 false
CVE-2020-19185 Twistlock CVE Low ncurses-6.1-10.20180224.el8 0.04961 false
CVE-2020-19185 Anchore CVE Low ncurses-libs-6.1-10.20180224.el8 0.04961 false
CVE-2020-19190 Twistlock CVE Low ncurses-6.1-10.20180224.el8 0.04954 false
CVE-2020-19190 Anchore CVE Low ncurses-libs-6.1-10.20180224.el8 0.04954 false
CVE-2020-19187 Twistlock CVE Low ncurses-6.1-10.20180224.el8 0.04834 false
CVE-2020-19187 Anchore CVE Low ncurses-libs-6.1-10.20180224.el8 0.04834 false
CVE-2020-19189 Twistlock CVE Low ncurses-6.1-10.20180224.el8 0.02005 false
CVE-2020-19189 Anchore CVE Low ncurses-libs-6.1-10.20180224.el8 0.02005 false
CVE-2024-2511 Twistlock CVE Low openssl-1.1.1k-14.el8_6 0.01519 false
CVE-2024-2511 Anchore CVE Low openssl-libs-1:1.1.1k-14.el8_6 0.01519 false
CVE-2023-0464 Twistlock CVE Low openssl-1.1.1k-14.el8_6 0.01165 false
CVE-2023-0464 Anchore CVE Low openssl-libs-1:1.1.1k-14.el8_6 0.01165 false
CVE-2023-0466 Twistlock CVE Medium openssl-1.1.1k-14.el8_6 0.00508 false
CVE-2023-0466 Anchore CVE Medium openssl-libs-1:1.1.1k-14.el8_6 0.00508 false
CVE-2018-19217 Anchore CVE Medium ncurses-libs-6.1-10.20180224.el8 0.00404 false
CVE-2021-39537 Twistlock CVE Low ncurses-6.1-10.20180224.el8 0.00351 false
CVE-2021-39537 Anchore CVE Low ncurses-libs-6.1-10.20180224.el8 0.00351 false
CVE-2023-0465 Twistlock CVE Low openssl-1.1.1k-14.el8_6 0.00337 false
CVE-2023-0465 Anchore CVE Low openssl-libs-1:1.1.1k-14.el8_6 0.00337 false
CVE-2018-19211 Twistlock CVE Low ncurses-6.1-10.20180224.el8 0.00278 false
CVE-2018-19211 Anchore CVE Low ncurses-libs-6.1-10.20180224.el8 0.00278 false
CVE-2024-0727 Twistlock CVE Low openssl-1.1.1k-14.el8_6 0.00214 false
CVE-2024-0727 Anchore CVE Low openssl-libs-1:1.1.1k-14.el8_6 0.00214 false
CVE-2025-50106 Twistlock CVE High java-11-openjdk-11.0.25.0.9-2.el8 0.00174 false
CVE-2025-30749 Twistlock CVE High java-11-openjdk-11.0.25.0.9-2.el8 0.00174 false
CVE-2024-41996 Twistlock CVE Low openssl-1.1.1k-14.el8_6 0.00166 false
CVE-2024-41996 Anchore CVE Low openssl-libs-1:1.1.1k-14.el8_6 0.00166 false
CVE-2020-12413 Twistlock CVE Low nss-3.101.0-11.el8_8 0.00120 false
CVE-2020-12413 Anchore CVE Low nss-util-3.101.0-11.el8_8 0.00120 false
CVE-2020-12413 Anchore CVE Low nss-3.101.0-11.el8_8 0.00120 false
CVE-2024-4741 Twistlock CVE Low openssl-1.1.1k-14.el8_6 0.00116 false
CVE-2024-4741 Anchore CVE Low openssl-libs-1:1.1.1k-14.el8_6 0.00116 false
CVE-2024-7531 Twistlock CVE Low nss-3.101.0-11.el8_8 0.00112 false
CVE-2024-7531 Anchore CVE Low nss-3.101.0-11.el8_8 0.00112 false
CVE-2024-7531 Anchore CVE Low nss-util-3.101.0-11.el8_8 0.00112 false
CVE-2025-21587 Twistlock CVE Medium java-11-openjdk-11.0.25.0.9-2.el8 0.00085 false
CVE-2025-21587 Anchore CVE Medium java-11-openjdk-headless-1:11.0.25.0.9-2.el8 0.00085 false
CVE-2025-30698 Twistlock CVE Medium java-11-openjdk-11.0.25.0.9-2.el8 0.00082 false
CVE-2025-30698 Anchore CVE Medium java-11-openjdk-headless-1:11.0.25.0.9-2.el8 0.00082 false
CVE-2024-13176 Twistlock CVE Low openssl-1.1.1k-14.el8_6 0.00080 false
CVE-2024-13176 Anchore CVE Low openssl-libs-1:1.1.1k-14.el8_6 0.00080 false
CVE-2025-30761 Twistlock CVE Medium java-11-openjdk-11.0.25.0.9-2.el8 0.00061 false
CVE-2022-41409 Twistlock CVE Low pcre2-10.32-3.el8_6 0.00061 false
CVE-2022-41409 Anchore CVE Low pcre2-10.32-3.el8_6 0.00061 false
CVE-2025-30691 Twistlock CVE Medium java-11-openjdk-11.0.25.0.9-2.el8 0.00057 false
CVE-2025-30691 Anchore CVE Medium java-11-openjdk-headless-1:11.0.25.0.9-2.el8 0.00057 false
CVE-2025-50059 Twistlock CVE High java-11-openjdk-11.0.25.0.9-2.el8 0.00054 false
CVE-2023-50495 Twistlock CVE Low ncurses-6.1-10.20180224.el8 0.00050 false
CVE-2023-50495 Anchore CVE Low ncurses-libs-6.1-10.20180224.el8 0.00050 false
CVE-2025-30754 Twistlock CVE Medium java-11-openjdk-11.0.25.0.9-2.el8 0.00036 false
CVE-2025-21502 Twistlock CVE Medium java-11-openjdk-11.0.25.0.9-2.el8 0.00024 false
CVE-2025-21502 Anchore CVE Medium java-11-openjdk-headless-1:11.0.25.0.9-2.el8 0.00024 false
CVE-2025-5278 Twistlock CVE Medium coreutils-8.30-15.el8 0.00018 false
CVE-2025-5278 Anchore CVE Medium coreutils-single-8.30-15.el8 0.00018 false
CVE-2023-2004 Anchore CVE Low java-11-openjdk-headless-1:11.0.25.0.9-2.el8 N/A false
CVE-2022-3857 Anchore CVE Low java-11-openjdk-headless-1:11.0.25.0.9-2.el8 N/A false
cbff271f45d32e78dcc1979dbca9c14d Anchore Compliance Critical N/A N/A
CCE-89707-4 OSCAP Compliance Medium N/A N/A
CCE-88248-0 OSCAP Compliance Medium N/A N/A
CCE-86931-3 OSCAP Compliance Medium N/A N/A
CCE-86916-4 OSCAP Compliance Medium N/A N/A
CCE-86187-2 OSCAP Compliance High N/A N/A
CCE-85987-6 OSCAP Compliance Medium N/A N/A
CCE-85902-5 OSCAP Compliance High N/A N/A
CCE-85899-3 OSCAP Compliance Medium N/A N/A
CCE-85897-7 OSCAP Compliance Medium N/A N/A
CCE-85870-4 OSCAP Compliance Medium N/A N/A
CCE-84255-9 OSCAP Compliance Medium N/A N/A
CCE-84254-2 OSCAP Compliance Medium N/A N/A
CCE-84049-6 OSCAP Compliance Medium N/A N/A
CCE-82730-3 OSCAP Compliance Medium N/A N/A
CCE-81044-0 OSCAP Compliance Low N/A N/A
CCE-81037-4 OSCAP Compliance Medium N/A N/A
CCE-81036-6 OSCAP Compliance Medium N/A N/A
CCE-81035-8 OSCAP Compliance Medium N/A N/A
CCE-80935-0 OSCAP Compliance High N/A N/A
CCE-80854-3 OSCAP Compliance Low N/A N/A
CCE-80853-5 OSCAP Compliance Low N/A N/A
CCE-80852-7 OSCAP Compliance Low N/A N/A
CCE-80851-9 OSCAP Compliance Low N/A N/A
CCE-80839-4 OSCAP Compliance Medium N/A N/A
CCE-80838-6 OSCAP Compliance Medium N/A N/A
CCE-80837-8 OSCAP Compliance Medium N/A N/A
CCE-80795-8 OSCAP Compliance High N/A N/A

Tasks

Contributor:

  • Provide justifications for findings in the VAT (docs)
  • Apply the StatusVerification label to this issue and wait for feedback

Iron Bank:

  • Review findings and justifications

Note: If the above process is rejected for any reason, the Verification label will be removed and the issue will be sent back to Open. Any comments will be listed in this issue for you to address. Once they have been addressed, you must re-add the Verification label.

Questions?

Contact the Iron Bank team by commenting on this issue with your questions or concerns. If you do not receive a response, add /cc @ironbank-notifications/onboarding.

Additionally, Iron Bank hosts an AMA working session every Wednesday from 1630-1730EST to answer questions.

Edited by CHORE_TOKEN