NetWorker: Security Vulnerability CVE-2024-50379 CVE-2024-54677 CVE-2024-56337

Summary: The current NetWorker 19.11.0.3 has tomcat version 9.0.90. The following CVEs are detected.

This article applies to This article does not apply to This article is not tied to any specific product. Not all product versions are identified in this article.
Check out other resources

Security Article Type

Security KB

CVE Identifier

CVE-2024-50379
CVE-2024-54677
CVE-2024-56337

Issue Summary

The current NetWorker 19.11.0.3 has tomcat version 9.0.90. The following CVEs are detected. 

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-50379 This hyperlink is taking you to a website outside of Dell Technologies.
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-54677 This hyperlink is taking you to a website outside of Dell Technologies.
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-56337 This hyperlink is taking you to a website outside of Dell Technologies.

The above vulnerabilities affect Apache Tomcat: from 11.0.0-M1 through 11.0.1, from 10.1.0-M1 through 10.1.33, from 9.0.0.M1 through 9.0.97. The following Apache versions contain fixes: 11.0.2, 10.1.34 or 9.0.98. 

Recommendations

Fix will be available in the NetWorker 19.13 release.
The release date is targeted June 2025. 

Keep informed from the latest Dell Security Advisories: Support for NetWorker | Advisories | Dell US

Legal Disclaimer

Article Properties
Article Number: 000286474
Article Type: Security KB
Last Modified: 24 Feb 2025
Version:  1
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.