PowerProtect DP Appliances and IDPA: Apache Tomcat Vulnerabilities found on IDPA 2.7.6 ACM

Summary: This article responds to the Apache Tomcat security vulnerabilities detected on the Appliance Configuration Manager (ACM) version 2.7.6 of PowerProtect Data Protection (DP) Series Appliances and the Integrated Data Protection Appliance (IDPA). ...


Symptoms

NOTE: This article only targets PowerProtect Data Protection Series Appliances or IDPA version 2.7.6.
IDPA version 2.7.8 has been released; upgrading to version 2.7.8 is recommended. 


This article covers the following Common Vulnerabilities and Exposures (CVE) detected on IDPA ACM version 2.7.6:

Apache Tomcat: Important: Denial of Service (CVE-2023-44487)
Apache Tomcat: Low: Apache Tomcat EncryptInterceptor DoS (CVE-2022-29885)
Apache Tomcat: Important: Apache Tomcat denial of service (CVE-2023-24998)
Apache Tomcat: Important: Apache Tomcat information disclosure (CVE-2023-28708)
Apache Tomcat: Important: Request smuggling (CVE-2023-46589)
Apache Tomcat: Important: Denial of Service (CVE-2024-23672)
Apache Tomcat: Important: Denial of Service (CVE-2024-24549)
Apache Tomcat: Important: Denial of Service (CVE-2021-42340)
Apache Tomcat: High: Information Disclosure (CVE-2021-43980)
Apache Tomcat: Low: Local Privilege Escalation (CVE-2022-23181)
Apache Tomcat: Low: Apache Tomcat request smuggling (CVE-2022-42252)
Apache Tomcat: Low: Apache Tomcat JsonErrorReportValve injection (CVE-2022-45143)
Apache Tomcat: Moderate: Open redirect (CVE-2023-41080)
Apache Tomcat: Important: Request smuggling (CVE-2023-45648)
Apache Tomcat: Important: Information Disclosure (CVE-2023-42795)

Cause

On IDPA ACM version 2.7.6, Apache Tomcat is at version 9.0.82.0.

The following command can be used to check the ACM version:
rpm -qa |grep dataprotection

The following command can check the Apache Tomcat version:
java -cp /usr/local/dataprotection/tomcat/lib/catalina.jar org.apache.catalina.util.ServerInfo

An example from IDPA ACM version 2.7.6:
Figure 1: How to verify the ACM Apache Tomcat version. 
 

Resolution

Severity | Vulnerability | Tomcat fixed version | Resolution
High | Apache Tomcat: Important: Denial of Service (CVE-2023-44487) | 9.0.80 | False Positive
Medium | Apache Tomcat: Low: Apache Tomcat EncryptInterceptor DoS (CVE-2022-29885) | 9.0.62 | False Positive
Medium | Apache Tomcat: Important: Apache Tomcat denial of service (CVE-2023-24998) | 9.0.74 | False Positive
Medium | Apache Tomcat: Important: Apache Tomcat information disclosure (CVE-2023-28708) | 9.0.72 | False Positive
Medium | Apache Tomcat: Important: Request smuggling (CVE-2023-46589) | 9.0.83 | The resolution is in IDPA version 2.7.7.
Medium | Apache Tomcat: Important: Denial of Service (CVE-2024-23672) | 9.0.86 | The resolution is in IDPA version 2.7.7.
Medium | Apache Tomcat: Important: Denial of Service (CVE-2024-24549) | 9.0.86 | The resolution is in IDPA version 2.7.7.
Medium | Apache Tomcat: Important: Denial of Service (CVE-2021-42340) | 9.0.54 | False Positive
High | Apache Tomcat: High: Information Disclosure (CVE-2021-43980) | 9.0.60 | False Positive
Medium | Apache Tomcat: Low: Local Privilege Escalation (CVE-2022-23181) | 9.0.56 | False Positive
Medium | Apache Tomcat: Low: Apache Tomcat request smuggling (CVE-2022-42252) | 9.0.68 | False Positive
Medium | Apache Tomcat: Low: Apache Tomcat JsonErrorReportValve injection (CVE-2022-45143) | 9.0.69 | False Positive
Medium | Apache Tomcat: Moderate: Open redirect (CVE-2023-41080) | 9.0.79 | False Positive
Medium | Apache Tomcat: Important: Request smuggling (CVE-2023-45648) | 9.0.81 | False Positive
Medium | Apache Tomcat: Important: Information Disclosure (CVE-2023-42795) | 9.0.81 | False Positive


On IDPA version 2.7.6, the ACM runs Apache Tomcat version 9.0.82. Therefore, every vulnerability listed above with a Tomcat fixed version earlier than 9.0.82 can be considered a false positive. In IDPA version 2.7.7, the ACM's Apache Tomcat is upgraded to version 9.0.86, which covers the outstanding vulnerabilities.
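
The version comparison behind the Resolution column can be scripted. The following is an added example, not part of the original article or of the product: it parses ServerInfo output and marks each CVE from the table as FALSE_POSITIVE or OUTSTANDING. The function names, status labels, and sample ServerInfo output are assumptions constructed for illustration.

```shell
# Added example (not Dell's code): classify scanner findings by comparing the
# installed Tomcat version with the "Tomcat fixed version" column of the table.
# CVE and fixed-version pairs, copied from the Resolution table in this article.
FIXED_VERSIONS='CVE-2023-44487 9.0.80
CVE-2022-29885 9.0.62
CVE-2023-24998 9.0.74
CVE-2023-28708 9.0.72
CVE-2023-46589 9.0.83
CVE-2024-23672 9.0.86
CVE-2024-24549 9.0.86
CVE-2021-42340 9.0.54
CVE-2021-43980 9.0.60
CVE-2022-23181 9.0.56
CVE-2022-42252 9.0.68
CVE-2022-45143 9.0.69
CVE-2023-41080 9.0.79
CVE-2023-45648 9.0.81
CVE-2023-42795 9.0.81'

# Constructed sample of ServerInfo output (only the lines the parser needs).
SAMPLE_SERVERINFO='Server version: Apache Tomcat/9.0.82
Server number:  9.0.82.0'

# Read ServerInfo output on stdin and print major.minor.patch (for example 9.0.82).
tomcat_version() {
  awk -F': *' '/^Server number/ { split($2, v, "."); print v[1] "." v[2] "." v[3]; exit }'
}

# Succeed when dotted version $1 is numerically lower than dotted version $2.
version_lt() {
  awk -v a="$1" -v b="$2" 'BEGIN {
    n = split(a, x, "."); m = split(b, y, ".")
    for (i = 1; i <= (n > m ? n : m); i++) {
      if (x[i] + 0 < y[i] + 0) exit 0
      if (x[i] + 0 > y[i] + 0) exit 1
    }
    exit 1   # equal versions are not "lower"
  }'
}

# Print "CVE fixed-version status" for every table row, given the installed version.
triage() {
  printf '%s\n' "$FIXED_VERSIONS" | while read -r cve fixed; do
    if version_lt "$1" "$fixed"; then status=OUTSTANDING; else status=FALSE_POSITIVE; fi
    echo "$cve $fixed $status"
  done
}
# On the ACM, pipe the ServerInfo command from this article into tomcat_version instead.
triage "$(printf '%s\n' "$SAMPLE_SERVERINFO" | tomcat_version)"
```

The comparison is numeric per component, so 9.0.9 sorts below 9.0.82, which a plain string comparison would get wrong.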

Affected Products

PowerProtect DP4400, PowerProtect DP5300, PowerProtect DP5800, PowerProtect DP8300, PowerProtect DP8800, PowerProtect Data Protection Software, Integrated Data Protection Appliance Family, Integrated Data Protection Appliance Software, PowerProtect DP5900, PowerProtect DP8400, PowerProtect DP8900 ...
Article Properties
Article Number: 000226872
Article Type: Solution
Last Modified: 11 Aug 2025
Version:  3