| CVE ID | CVSS Score | Severity | Description |
|---|---|---|---|
| CVE-2026-6900 | 7.4 | high |
CVE-2026-6900. An Improper Certificate Validation vulnerability in the LDAP Server Connector used in APROL version prior to R 4.4-01P5 may allow network-based attackers to conduct adversary -in-the-middle attacks causing information disclosure or identity spoofing.
|
| CVE-2024-52317 | 6.5 | medium |
CVE-2024-52317. Incorrect object re-cycling and re-use vulnerability in Apache Tomcat. Incorrect recycling of the re-quest and response used by HTTP/2 requests could lead to request and/or response mix-up between users
|
| CVE-2024-50379 | 9.8 | critical |
CVE-2024-50379. Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability during JSP compilation in Apache Tomcat permits an RCE on case-insensitive file systems when the default servlet is enabled for write (non-default configuration)
|
| CVE-2026-6901 | 7.7 | high |
CVE-2026-6901. An Untrusted Search Path vulnerability in the webserver used in APROL version prior to R 4.4-01P5 may allow authenticated local attackers to elevate their privileges.
|
| CVE-2024-54677 | 5.3 | medium |
CVE-2024-54677. Uncontrolled Resource Consumption vulnerability in the examples web application provided with Apache Tomcat leads to denial of service due to lacking data upload limits
|
| CVE-2024-56337 | 9.8 | critical |
CVE-2024-56337. Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Apache Tomcat. The previous mitigation for CVE-2024-50379 was incomplete, permitting an RCE on case insensitive file systems when the default servlet is enabled for write
|