Vulnerability-Lookup

CVE-2026-29145 (GCVE-0-2026-29145)

Vulnerability from cvelistv5 – Published: 2026-04-09 19:20 – Updated: 2026-04-10 18:11

Title

Apache Tomcat, Apache Tomcat Native: OCSP checks sometimes soft-fail even when soft-fail is disabled

Summary

CLIENT_CERT authentication does not fail as expected for some scenarios when soft fail is disabled vulnerability in Apache Tomcat, Apache Tomcat Native. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.18, from 10.1.0-M7 through 10.1.52, from 9.0.83 through 9.0.115; Apache Tomcat Native: from 1.1.23 through 1.1.34, from 1.2.0 through 1.2.39, from 1.3.0 through 1.3.6, from 2.0.0 through 2.0.13. Users are recommended to upgrade to version Tomcat Native 1.3.7 or 2.0.14 and Tomcat 11.0.20, 10.1.53 and 9.0.116, which fix the issue.

Severity

No CVSS data available.

CWE

CLIENT_CERT authentication does not fail as expected for some scenarios when soft fail is disabled

Assigner

apache

References

1 reference

URL	Tags
https://lists.apache.org/thread/yz5fxmhd2j43wgqyk…	vendor-advisory

Impacted products

2 products

Vendor	Product	Version
Apache Software Foundation	Apache Tomcat	Affected: 11.0.0-M1 , ≤ 11.0.18 (semver) Affected: 10.1.0-M7 , ≤ 10.1.52 (semver) Affected: 9.0.83 , ≤ 9.0.115 (semver) Unaffected: 0 , ≤ 8.5.100 (semver)
Apache Software Foundation	Apache Tomcat Native	Affected: 1.1.23 , ≤ 1.1.34 (semver) Affected: 1.2.0 , ≤ 1.2.39 (semver) Affected: 1.3.0 , ≤ 1.3.6 (semver) Affected: 2.0.0 , ≤ 2.0.13 (semver)

Credits

gregk4sec (https://github.com/gregk4sec)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2026-04-09T23:15:49.788Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "http://www.openwall.com/lists/oss-security/2026/04/09/23"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 9.1,
              "baseSeverity": "CRITICAL",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2026-29145",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-04-10T18:10:50.492750Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-287",
                "description": "CWE-287 Improper Authentication",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-04-10T18:11:31.014Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Apache Tomcat",
          "vendor": "Apache Software Foundation",
          "versions": [
            {
              "lessThanOrEqual": "11.0.18",
              "status": "affected",
              "version": "11.0.0-M1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "10.1.52",
              "status": "affected",
              "version": "10.1.0-M7",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "9.0.115",
              "status": "affected",
              "version": "9.0.83",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "8.5.100",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Apache Tomcat Native",
          "vendor": "Apache Software Foundation",
          "versions": [
            {
              "lessThanOrEqual": "1.1.34",
              "status": "affected",
              "version": "1.1.23",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "1.2.39",
              "status": "affected",
              "version": "1.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "1.3.6",
              "status": "affected",
              "version": "1.3.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "2.0.13",
              "status": "affected",
              "version": "2.0.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "gregk4sec (https://github.com/gregk4sec)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eCLIENT_CERT authentication does not fail as expected for some scenarios when soft fail is disabled vulnerability in Apache Tomcat, Apache Tomcat Native.\u003c/p\u003e\u003cp\u003eThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.18, from 10.1.0-M7 through 10.1.52, from 9.0.83 through 9.0.115; Apache Tomcat Native: from 1.1.23 through 1.1.34, from 1.2.0 through 1.2.39, from 1.3.0 through 1.3.6, from 2.0.0 through 2.0.13.\u003c/p\u003e\u003cp\u003eUsers are recommended to upgrade to version Tomcat Native 1.3.7 or 2.0.14 and Tomcat 11.0.20, 10.1.53 and 9.0.116, which fix the issue.\u003c/p\u003e"
            }
          ],
          "value": "CLIENT_CERT authentication does not fail as expected for some scenarios when soft fail is disabled vulnerability in Apache Tomcat, Apache Tomcat Native.\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.18, from 10.1.0-M7 through 10.1.52, from 9.0.83 through 9.0.115; Apache Tomcat Native: from 1.1.23 through 1.1.34, from 1.2.0 through 1.2.39, from 1.3.0 through 1.3.6, from 2.0.0 through 2.0.13.\n\nUsers are recommended to upgrade to version Tomcat Native 1.3.7 or 2.0.14 and Tomcat 11.0.20, 10.1.53 and 9.0.116, which fix the issue."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "text": "moderate"
            },
            "type": "Textual description of severity"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "CLIENT_CERT authentication does not fail as expected for some scenarios when soft fail is disabled",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-09T19:20:24.601Z",
        "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "shortName": "apache"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.apache.org/thread/yz5fxmhd2j43wgqykssdo7kltws57jfz"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Apache Tomcat, Apache Tomcat Native: OCSP checks sometimes soft-fail even when soft-fail is disabled",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
    "assignerShortName": "apache",
    "cveId": "CVE-2026-29145",
    "datePublished": "2026-04-09T19:20:24.601Z",
    "dateReserved": "2026-03-04T09:52:45.179Z",
    "dateUpdated": "2026-04-10T18:11:31.014Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2026-29145",
      "date": "2026-05-25",
      "epss": "0.00039",
      "percentile": "0.11662"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2026-29145\",\"sourceIdentifier\":\"security@apache.org\",\"published\":\"2026-04-09T20:16:24.447\",\"lastModified\":\"2026-04-14T13:22:28.357\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"CLIENT_CERT authentication does not fail as expected for some scenarios when soft fail is disabled vulnerability in Apache Tomcat, Apache Tomcat Native.\\n\\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.18, from 10.1.0-M7 through 10.1.52, from 9.0.83 through 9.0.115; Apache Tomcat Native: from 1.1.23 through 1.1.34, from 1.2.0 through 1.2.39, from 1.3.0 through 1.3.6, from 2.0.0 through 2.0.13.\\n\\nUsers are recommended to upgrade to version Tomcat Native 1.3.7 or 2.0.14 and Tomcat 11.0.20, 10.1.53 and 9.0.116, which fix the issue.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N\",\"baseScore\":9.1,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":5.2}]},\"weaknesses\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-287\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"9.0.83\",\"versionEndExcluding\":\"9.0.116\",\"matchCriteriaId\":\"2F4C25F3-54B7-42C3-9CEE-853D64F538B9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"10.1.1\",\"versionEndExcluding\":\"10.1.53\",\"matchCriteriaId\":\"6A9752F3-66FC-41BC-BBB9-50AC9A7DBC55\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"11.0.0\",\"versionEndExcluding\":\"11.0.20\",\"matchCriteriaId\":\"1F39B82B-0E67-459D-8065-2C6EE7970D0D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:10.1.0:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"8AF99366-B85F-447F-90EF-E4F163193A78\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:10.1.0:milestone10:*:*:*:*:*:*\",\"matchCriteriaId\":\"33C71AE1-B38E-4783-BAC2-3CDA7B4D9EBA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:10.1.0:milestone11:*:*:*:*:*:*\",\"matchCriteriaId\":\"F6BD4180-D3E8-42AB-96B1-3869ECF47F6C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:10.1.0:milestone12:*:*:*:*:*:*\",\"matchCriteriaId\":\"64668CCF-DBC9-442D-9E0F-FD40E1D0DDB7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:10.1.0:milestone13:*:*:*:*:*:*\",\"matchCriteriaId\":\"FC64BB57-4912-481E-AE8D-C8FCD36142BB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:10.1.0:milestone14:*:*:*:*:*:*\",\"matchCriteriaId\":\"49B43BFD-6B6C-4E6D-A9D8-308709DDFB44\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:10.1.0:milestone15:*:*:*:*:*:*\",\"matchCriteriaId\":\"919C16BD-79A7-4597-8D23-2CBDED2EF615\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:10.1.0:milestone16:*:*:*:*:*:*\",\"matchCriteriaId\":\"81B27C03-D626-42EC-AE4E-1E66624908E3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:10.1.0:milestone17:*:*:*:*:*:*\",\"matchCriteriaId\":\"BD81405D-81A5-4683-A355-B39C912DAD2D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:10.1.0:milestone18:*:*:*:*:*:*\",\"matchCriteriaId\":\"2DCE3576-86BC-4BB8-A5FB-1274744DFD7F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:10.1.0:milestone19:*:*:*:*:*:*\",\"matchCriteriaId\":\"5571F54A-2EAC-41B6-BDA9-7D33CFE97F70\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:10.1.0:milestone20:*:*:*:*:*:*\",\"matchCriteriaId\":\"ED30E850-C475-4133-BDE3-74CB3768D787\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:10.1.0:milestone7:*:*:*:*:*:*\",\"matchCriteriaId\":\"941FCF7B-FFB6-4967-95C7-BB3D32C73DAF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:10.1.0:milestone8:*:*:*:*:*:*\",\"matchCriteriaId\":\"CE1A9030-B397-4BA6-8E13-DA1503872DDB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:10.1.0:milestone9:*:*:*:*:*:*\",\"matchCriteriaId\":\"6284B74A-1051-40A7-9D74-380FEEEC3F88\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat_native:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.1.23\",\"versionEndExcluding\":\"1.3.7\",\"matchCriteriaId\":\"4285FB15-C93B-498C-9DA1-E5C3364A0280\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat_native:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.0.0\",\"versionEndExcluding\":\"2.0.14\",\"matchCriteriaId\":\"89778321-0002-4D5F-85DB-EAE3CB9B53CA\"}]}]}],\"references\":[{\"url\":\"https://lists.apache.org/thread/yz5fxmhd2j43wgqykssdo7kltws57jfz\",\"source\":\"security@apache.org\",\"tags\":[\"Mailing List\",\"Vendor Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2026/04/09/23\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"http://www.openwall.com/lists/oss-security/2026/04/09/23\"}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2026-04-09T23:15:49.788Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 9.1, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"CRITICAL\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-29145\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-04-10T18:10:50.492750Z\"}}}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-287\", \"description\": \"CWE-287 Improper Authentication\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-04-10T18:10:11.738Z\"}}], \"cna\": {\"title\": \"Apache Tomcat, Apache Tomcat Native: OCSP checks sometimes soft-fail even when soft-fail is disabled\", \"source\": {\"discovery\": \"EXTERNAL\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"value\": \"gregk4sec (https://github.com/gregk4sec)\"}], \"metrics\": [{\"other\": {\"type\": \"Textual description of severity\", \"content\": {\"text\": \"moderate\"}}}], \"affected\": [{\"vendor\": \"Apache Software Foundation\", \"product\": \"Apache Tomcat\", \"versions\": [{\"status\": \"affected\", \"version\": \"11.0.0-M1\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"11.0.18\"}, {\"status\": \"affected\", \"version\": \"10.1.0-M7\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"10.1.52\"}, {\"status\": \"affected\", \"version\": \"9.0.83\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"9.0.115\"}, {\"status\": \"unaffected\", \"version\": \"0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"8.5.100\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Apache Software Foundation\", \"product\": \"Apache Tomcat Native\", \"versions\": [{\"status\": \"affected\", \"version\": \"1.1.23\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"1.1.34\"}, {\"status\": \"affected\", \"version\": \"1.2.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"1.2.39\"}, {\"status\": \"affected\", \"version\": \"1.3.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"1.3.6\"}, {\"status\": \"affected\", \"version\": \"2.0.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"2.0.13\"}], \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://lists.apache.org/thread/yz5fxmhd2j43wgqykssdo7kltws57jfz\", \"tags\": [\"vendor-advisory\"]}], \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"CLIENT_CERT authentication does not fail as expected for some scenarios when soft fail is disabled vulnerability in Apache Tomcat, Apache Tomcat Native.\\n\\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.18, from 10.1.0-M7 through 10.1.52, from 9.0.83 through 9.0.115; Apache Tomcat Native: from 1.1.23 through 1.1.34, from 1.2.0 through 1.2.39, from 1.3.0 through 1.3.6, from 2.0.0 through 2.0.13.\\n\\nUsers are recommended to upgrade to version Tomcat Native 1.3.7 or 2.0.14 and Tomcat 11.0.20, 10.1.53 and 9.0.116, which fix the issue.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cp\u003eCLIENT_CERT authentication does not fail as expected for some scenarios when soft fail is disabled vulnerability in Apache Tomcat, Apache Tomcat Native.\u003c/p\u003e\u003cp\u003eThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.18, from 10.1.0-M7 through 10.1.52, from 9.0.83 through 9.0.115; Apache Tomcat Native: from 1.1.23 through 1.1.34, from 1.2.0 through 1.2.39, from 1.3.0 through 1.3.6, from 2.0.0 through 2.0.13.\u003c/p\u003e\u003cp\u003eUsers are recommended to upgrade to version Tomcat Native 1.3.7 or 2.0.14 and Tomcat 11.0.20, 10.1.53 and 9.0.116, which fix the issue.\u003c/p\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"description\": \"CLIENT_CERT authentication does not fail as expected for some scenarios when soft fail is disabled\"}]}], \"providerMetadata\": {\"orgId\": \"f0158376-9dc2-43b6-827c-5f631a4d8d09\", \"shortName\": \"apache\", \"dateUpdated\": \"2026-04-09T19:20:24.601Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2026-29145\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-04-10T18:11:31.014Z\", \"dateReserved\": \"2026-03-04T09:52:45.179Z\", \"assignerOrgId\": \"f0158376-9dc2-43b6-827c-5f631a4d8d09\", \"datePublished\": \"2026-04-09T19:20:24.601Z\", \"assignerShortName\": \"apache\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }
  }
}

OPENSUSE-SU-2026:20612-1

Vulnerability from csaf_opensuse - Published: 2026-04-22 10:52 - Updated: 2026-04-22 10:52

Summary

Security update for tomcat10

Severity

Important

Notes

Title of the patch: Security update for tomcat10

Description of the patch: This update for tomcat10 fixes the following issues: - Update to Tomcat 10.1.54 - CVE-2026-24880: Request smuggling via invalid chunk extension (bsc#1261850). - CVE-2026-25854: Occasionally open redirect (bsc#1261851). - CVE-2026-29129: TLS cipher order is not preserved (bsc#1261852). - CVE-2026-29145: OCSP checks sometimes soft-fail even when soft-fail is disabled (bsc#1261853). - CVE-2026-29146,CVE-2026-34486: Fix for allowed bypass of EncryptInterceptor (bsc#1261854). - CVE-2026-34483: Incomplete escaping of JSON access logs (bsc#1261855). - CVE-2026-34487: Cloud membership for clustering component exposed the Kubernetes bearer token (bsc#1261856). - CVE-2026-34500: OCSP checks sometimes soft-fail with FFM even when soft-fail is disabled (bsc#1261857). - CVE-2026-32990: The fix for CVE-2025-66614 was incomplete. (bsc#1258371)

Patchnames: openSUSE-Leap-16.0-624

CVE-2025-66614

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Affected products

Recommended 11 products

Product	Version	Remediation
Unresolved product id: openSUSE Leap 16.0:tomcat10-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:tomcat10-admin-webapps-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:tomcat10-doc-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:tomcat10-docs-webapp-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:tomcat10-el-5_0-api-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:tomcat10-embed-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:tomcat10-jsp-3_1-api-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:tomcat10-jsvc-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:tomcat10-lib-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:tomcat10-servlet-6_0-api-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:tomcat10-webapps-10.1.54-160000.1.1.noarch	—	Vendor Fix

Threats

Impact important

CVE-2026-24880

4.8 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

Affected products

Recommended 11 products

Product	Version	Remediation
Unresolved product id: openSUSE Leap 16.0:tomcat10-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:tomcat10-admin-webapps-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:tomcat10-doc-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:tomcat10-docs-webapp-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:tomcat10-el-5_0-api-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:tomcat10-embed-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:tomcat10-jsp-3_1-api-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:tomcat10-jsvc-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:tomcat10-lib-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:tomcat10-servlet-6_0-api-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:tomcat10-webapps-10.1.54-160000.1.1.noarch	—	Vendor Fix

Threats

Impact moderate

CVE-2026-25854

4.8 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

Affected products

Recommended 11 products

Product	Version	Remediation
Unresolved product id: openSUSE Leap 16.0:tomcat10-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:tomcat10-admin-webapps-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:tomcat10-doc-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:tomcat10-docs-webapp-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:tomcat10-el-5_0-api-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:tomcat10-embed-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:tomcat10-jsp-3_1-api-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:tomcat10-jsvc-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:tomcat10-lib-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:tomcat10-servlet-6_0-api-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:tomcat10-webapps-10.1.54-160000.1.1.noarch	—	Vendor Fix

Threats

Impact moderate

CVE-2026-29129

4.8 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

Affected products

Recommended 11 products

Product	Version	Remediation
Unresolved product id: openSUSE Leap 16.0:tomcat10-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:tomcat10-admin-webapps-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:tomcat10-doc-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:tomcat10-docs-webapp-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:tomcat10-el-5_0-api-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:tomcat10-embed-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:tomcat10-jsp-3_1-api-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:tomcat10-jsvc-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:tomcat10-lib-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:tomcat10-servlet-6_0-api-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:tomcat10-webapps-10.1.54-160000.1.1.noarch	—	Vendor Fix

Threats

Impact moderate

CVE-2026-29145

4.8 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

Affected products

Recommended 11 products

Product	Version	Remediation
Unresolved product id: openSUSE Leap 16.0:tomcat10-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:tomcat10-admin-webapps-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:tomcat10-doc-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:tomcat10-docs-webapp-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:tomcat10-el-5_0-api-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:tomcat10-embed-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:tomcat10-jsp-3_1-api-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:tomcat10-jsvc-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:tomcat10-lib-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:tomcat10-servlet-6_0-api-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:tomcat10-webapps-10.1.54-160000.1.1.noarch	—	Vendor Fix

Threats

Impact moderate

CVE-2026-29146

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Affected products

Recommended 11 products

Product	Version	Remediation
Unresolved product id: openSUSE Leap 16.0:tomcat10-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:tomcat10-admin-webapps-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:tomcat10-doc-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:tomcat10-docs-webapp-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:tomcat10-el-5_0-api-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:tomcat10-embed-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:tomcat10-jsp-3_1-api-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:tomcat10-jsvc-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:tomcat10-lib-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:tomcat10-servlet-6_0-api-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:tomcat10-webapps-10.1.54-160000.1.1.noarch	—	Vendor Fix

Threats

Impact important

CVE-2026-32990

Affected products

Recommended 11 products

Product	Version	Remediation
Unresolved product id: openSUSE Leap 16.0:tomcat10-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:tomcat10-admin-webapps-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:tomcat10-doc-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:tomcat10-docs-webapp-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:tomcat10-el-5_0-api-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:tomcat10-embed-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:tomcat10-jsp-3_1-api-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:tomcat10-jsvc-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:tomcat10-lib-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:tomcat10-servlet-6_0-api-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:tomcat10-webapps-10.1.54-160000.1.1.noarch	—	Vendor Fix

Threats

Impact important

CVE-2026-34483

4.8 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

Affected products

Recommended 11 products

Product	Version	Remediation
Unresolved product id: openSUSE Leap 16.0:tomcat10-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:tomcat10-admin-webapps-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:tomcat10-doc-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:tomcat10-docs-webapp-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:tomcat10-el-5_0-api-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:tomcat10-embed-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:tomcat10-jsp-3_1-api-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:tomcat10-jsvc-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:tomcat10-lib-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:tomcat10-servlet-6_0-api-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:tomcat10-webapps-10.1.54-160000.1.1.noarch	—	Vendor Fix

Threats

Impact moderate

CVE-2026-34486

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Affected products

Recommended 11 products

Product	Version	Remediation
Unresolved product id: openSUSE Leap 16.0:tomcat10-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:tomcat10-admin-webapps-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:tomcat10-doc-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:tomcat10-docs-webapp-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:tomcat10-el-5_0-api-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:tomcat10-embed-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:tomcat10-jsp-3_1-api-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:tomcat10-jsvc-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:tomcat10-lib-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:tomcat10-servlet-6_0-api-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:tomcat10-webapps-10.1.54-160000.1.1.noarch	—	Vendor Fix

Threats

Impact important

CVE-2026-34487

5.9 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Affected products

Recommended 11 products

Product	Version	Remediation
Unresolved product id: openSUSE Leap 16.0:tomcat10-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:tomcat10-admin-webapps-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:tomcat10-doc-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:tomcat10-docs-webapp-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:tomcat10-el-5_0-api-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:tomcat10-embed-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:tomcat10-jsp-3_1-api-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:tomcat10-jsvc-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:tomcat10-lib-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:tomcat10-servlet-6_0-api-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:tomcat10-webapps-10.1.54-160000.1.1.noarch	—	Vendor Fix

Threats

Impact moderate

CVE-2026-34500

4.8 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

Affected products

Recommended 11 products

Product	Version	Remediation
Unresolved product id: openSUSE Leap 16.0:tomcat10-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:tomcat10-admin-webapps-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:tomcat10-doc-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:tomcat10-docs-webapp-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:tomcat10-el-5_0-api-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:tomcat10-embed-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:tomcat10-jsp-3_1-api-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:tomcat10-jsvc-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:tomcat10-lib-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:tomcat10-servlet-6_0-api-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:tomcat10-webapps-10.1.54-160000.1.1.noarch	—	Vendor Fix

Threats

Impact moderate

References

44 references

URL	Category
https://www.suse.com/support/security/rating/	external
https://ftp.suse.com/pub/projects/security/csaf/o…	self
https://bugzilla.suse.com/1258371	self
https://bugzilla.suse.com/1261850	self
https://bugzilla.suse.com/1261851	self
https://bugzilla.suse.com/1261852	self
https://bugzilla.suse.com/1261853	self
https://bugzilla.suse.com/1261854	self
https://bugzilla.suse.com/1261855	self
https://bugzilla.suse.com/1261856	self
https://bugzilla.suse.com/1261857	self
https://www.suse.com/security/cve/CVE-2025-66614/	self
https://www.suse.com/security/cve/CVE-2026-24880/	self
https://www.suse.com/security/cve/CVE-2026-25854/	self
https://www.suse.com/security/cve/CVE-2026-29129/	self
https://www.suse.com/security/cve/CVE-2026-29145/	self
https://www.suse.com/security/cve/CVE-2026-29146/	self
https://www.suse.com/security/cve/CVE-2026-32990/	self
https://www.suse.com/security/cve/CVE-2026-34483/	self
https://www.suse.com/security/cve/CVE-2026-34486/	self
https://www.suse.com/security/cve/CVE-2026-34487/	self
https://www.suse.com/security/cve/CVE-2026-34500/	self
https://www.suse.com/security/cve/CVE-2025-66614	external
https://bugzilla.suse.com/1258371	external
https://www.suse.com/security/cve/CVE-2026-24880	external
https://bugzilla.suse.com/1261850	external
https://www.suse.com/security/cve/CVE-2026-25854	external
https://bugzilla.suse.com/1261851	external
https://www.suse.com/security/cve/CVE-2026-29129	external
https://bugzilla.suse.com/1261852	external
https://www.suse.com/security/cve/CVE-2026-29145	external
https://bugzilla.suse.com/1261853	external
https://www.suse.com/security/cve/CVE-2026-29146	external
https://bugzilla.suse.com/1261854	external
https://www.suse.com/security/cve/CVE-2026-32990	external
https://bugzilla.suse.com/1258371	external
https://www.suse.com/security/cve/CVE-2026-34483	external
https://bugzilla.suse.com/1261855	external
https://www.suse.com/security/cve/CVE-2026-34486	external
https://bugzilla.suse.com/1261854	external
https://www.suse.com/security/cve/CVE-2026-34487	external
https://bugzilla.suse.com/1261856	external
https://www.suse.com/security/cve/CVE-2026-34500	external
https://bugzilla.suse.com/1261857	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for tomcat10",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "This update for tomcat10 fixes the following issues:\n\n- Update to Tomcat 10.1.54\n- CVE-2026-24880: Request smuggling via invalid chunk extension (bsc#1261850).\n- CVE-2026-25854: Occasionally open redirect (bsc#1261851).\n- CVE-2026-29129: TLS cipher order is not preserved (bsc#1261852).\n- CVE-2026-29145: OCSP checks sometimes soft-fail even when soft-fail is disabled (bsc#1261853).\n- CVE-2026-29146,CVE-2026-34486: Fix for allowed bypass of EncryptInterceptor (bsc#1261854).\n- CVE-2026-34483: Incomplete escaping of JSON access logs (bsc#1261855).\n- CVE-2026-34487: Cloud membership for clustering component exposed the Kubernetes bearer token (bsc#1261856).\n- CVE-2026-34500: OCSP checks sometimes soft-fail with FFM even when soft-fail is disabled (bsc#1261857).\n- CVE-2026-32990: The fix for CVE-2025-66614 was incomplete. (bsc#1258371)\n",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "openSUSE-Leap-16.0-624",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2026_20612-1.json"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1258371",
        "url": "https://bugzilla.suse.com/1258371"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1261850",
        "url": "https://bugzilla.suse.com/1261850"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1261851",
        "url": "https://bugzilla.suse.com/1261851"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1261852",
        "url": "https://bugzilla.suse.com/1261852"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1261853",
        "url": "https://bugzilla.suse.com/1261853"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1261854",
        "url": "https://bugzilla.suse.com/1261854"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1261855",
        "url": "https://bugzilla.suse.com/1261855"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1261856",
        "url": "https://bugzilla.suse.com/1261856"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1261857",
        "url": "https://bugzilla.suse.com/1261857"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-66614 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-66614/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-24880 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-24880/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-25854 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-25854/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-29129 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-29129/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-29145 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-29145/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-29146 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-29146/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-32990 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-32990/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-34483 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-34483/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-34486 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-34486/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-34487 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-34487/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-34500 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-34500/"
      }
    ],
    "title": "Security update for tomcat10",
    "tracking": {
      "current_release_date": "2026-04-22T10:52:21Z",
      "generator": {
        "date": "2026-04-22T10:52:21Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "openSUSE-SU-2026:20612-1",
      "initial_release_date": "2026-04-22T10:52:21Z",
      "revision_history": [
        {
          "date": "2026-04-22T10:52:21Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "tomcat10-10.1.54-160000.1.1.noarch",
                "product": {
                  "name": "tomcat10-10.1.54-160000.1.1.noarch",
                  "product_id": "tomcat10-10.1.54-160000.1.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "tomcat10-admin-webapps-10.1.54-160000.1.1.noarch",
                "product": {
                  "name": "tomcat10-admin-webapps-10.1.54-160000.1.1.noarch",
                  "product_id": "tomcat10-admin-webapps-10.1.54-160000.1.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "tomcat10-doc-10.1.54-160000.1.1.noarch",
                "product": {
                  "name": "tomcat10-doc-10.1.54-160000.1.1.noarch",
                  "product_id": "tomcat10-doc-10.1.54-160000.1.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "tomcat10-docs-webapp-10.1.54-160000.1.1.noarch",
                "product": {
                  "name": "tomcat10-docs-webapp-10.1.54-160000.1.1.noarch",
                  "product_id": "tomcat10-docs-webapp-10.1.54-160000.1.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "tomcat10-el-5_0-api-10.1.54-160000.1.1.noarch",
                "product": {
                  "name": "tomcat10-el-5_0-api-10.1.54-160000.1.1.noarch",
                  "product_id": "tomcat10-el-5_0-api-10.1.54-160000.1.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "tomcat10-embed-10.1.54-160000.1.1.noarch",
                "product": {
                  "name": "tomcat10-embed-10.1.54-160000.1.1.noarch",
                  "product_id": "tomcat10-embed-10.1.54-160000.1.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "tomcat10-jsp-3_1-api-10.1.54-160000.1.1.noarch",
                "product": {
                  "name": "tomcat10-jsp-3_1-api-10.1.54-160000.1.1.noarch",
                  "product_id": "tomcat10-jsp-3_1-api-10.1.54-160000.1.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "tomcat10-jsvc-10.1.54-160000.1.1.noarch",
                "product": {
                  "name": "tomcat10-jsvc-10.1.54-160000.1.1.noarch",
                  "product_id": "tomcat10-jsvc-10.1.54-160000.1.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "tomcat10-lib-10.1.54-160000.1.1.noarch",
                "product": {
                  "name": "tomcat10-lib-10.1.54-160000.1.1.noarch",
                  "product_id": "tomcat10-lib-10.1.54-160000.1.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "tomcat10-servlet-6_0-api-10.1.54-160000.1.1.noarch",
                "product": {
                  "name": "tomcat10-servlet-6_0-api-10.1.54-160000.1.1.noarch",
                  "product_id": "tomcat10-servlet-6_0-api-10.1.54-160000.1.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "tomcat10-webapps-10.1.54-160000.1.1.noarch",
                "product": {
                  "name": "tomcat10-webapps-10.1.54-160000.1.1.noarch",
                  "product_id": "tomcat10-webapps-10.1.54-160000.1.1.noarch"
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "openSUSE Leap 16.0",
                "product": {
                  "name": "openSUSE Leap 16.0",
                  "product_id": "openSUSE Leap 16.0"
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat10-10.1.54-160000.1.1.noarch as component of openSUSE Leap 16.0",
          "product_id": "openSUSE Leap 16.0:tomcat10-10.1.54-160000.1.1.noarch"
        },
        "product_reference": "tomcat10-10.1.54-160000.1.1.noarch",
        "relates_to_product_reference": "openSUSE Leap 16.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat10-admin-webapps-10.1.54-160000.1.1.noarch as component of openSUSE Leap 16.0",
          "product_id": "openSUSE Leap 16.0:tomcat10-admin-webapps-10.1.54-160000.1.1.noarch"
        },
        "product_reference": "tomcat10-admin-webapps-10.1.54-160000.1.1.noarch",
        "relates_to_product_reference": "openSUSE Leap 16.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat10-doc-10.1.54-160000.1.1.noarch as component of openSUSE Leap 16.0",
          "product_id": "openSUSE Leap 16.0:tomcat10-doc-10.1.54-160000.1.1.noarch"
        },
        "product_reference": "tomcat10-doc-10.1.54-160000.1.1.noarch",
        "relates_to_product_reference": "openSUSE Leap 16.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat10-docs-webapp-10.1.54-160000.1.1.noarch as component of openSUSE Leap 16.0",
          "product_id": "openSUSE Leap 16.0:tomcat10-docs-webapp-10.1.54-160000.1.1.noarch"
        },
        "product_reference": "tomcat10-docs-webapp-10.1.54-160000.1.1.noarch",
        "relates_to_product_reference": "openSUSE Leap 16.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat10-el-5_0-api-10.1.54-160000.1.1.noarch as component of openSUSE Leap 16.0",
          "product_id": "openSUSE Leap 16.0:tomcat10-el-5_0-api-10.1.54-160000.1.1.noarch"
        },
        "product_reference": "tomcat10-el-5_0-api-10.1.54-160000.1.1.noarch",
        "relates_to_product_reference": "openSUSE Leap 16.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat10-embed-10.1.54-160000.1.1.noarch as component of openSUSE Leap 16.0",
          "product_id": "openSUSE Leap 16.0:tomcat10-embed-10.1.54-160000.1.1.noarch"
        },
        "product_reference": "tomcat10-embed-10.1.54-160000.1.1.noarch",
        "relates_to_product_reference": "openSUSE Leap 16.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat10-jsp-3_1-api-10.1.54-160000.1.1.noarch as component of openSUSE Leap 16.0",
          "product_id": "openSUSE Leap 16.0:tomcat10-jsp-3_1-api-10.1.54-160000.1.1.noarch"
        },
        "product_reference": "tomcat10-jsp-3_1-api-10.1.54-160000.1.1.noarch",
        "relates_to_product_reference": "openSUSE Leap 16.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat10-jsvc-10.1.54-160000.1.1.noarch as component of openSUSE Leap 16.0",
          "product_id": "openSUSE Leap 16.0:tomcat10-jsvc-10.1.54-160000.1.1.noarch"
        },
        "product_reference": "tomcat10-jsvc-10.1.54-160000.1.1.noarch",
        "relates_to_product_reference": "openSUSE Leap 16.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat10-lib-10.1.54-160000.1.1.noarch as component of openSUSE Leap 16.0",
          "product_id": "openSUSE Leap 16.0:tomcat10-lib-10.1.54-160000.1.1.noarch"
        },
        "product_reference": "tomcat10-lib-10.1.54-160000.1.1.noarch",
        "relates_to_product_reference": "openSUSE Leap 16.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat10-servlet-6_0-api-10.1.54-160000.1.1.noarch as component of openSUSE Leap 16.0",
          "product_id": "openSUSE Leap 16.0:tomcat10-servlet-6_0-api-10.1.54-160000.1.1.noarch"
        },
        "product_reference": "tomcat10-servlet-6_0-api-10.1.54-160000.1.1.noarch",
        "relates_to_product_reference": "openSUSE Leap 16.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat10-webapps-10.1.54-160000.1.1.noarch as component of openSUSE Leap 16.0",
          "product_id": "openSUSE Leap 16.0:tomcat10-webapps-10.1.54-160000.1.1.noarch"
        },
        "product_reference": "tomcat10-webapps-10.1.54-160000.1.1.noarch",
        "relates_to_product_reference": "openSUSE Leap 16.0"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2025-66614",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-66614"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Improper Input Validation vulnerability.\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.14, from 10.1.0-M1 through 10.1.49, from 9.0.0-M1 through 9.0.112.\n\nThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.0 through 8.5.100. Older EOL versions are not affected.\nTomcat did not validate that the host name provided via the SNI \nextension was the same as the host name provided in the HTTP host header \nfield. If Tomcat was configured with more than one virtual host and the \nTLS configuration for one of those hosts did not require client \ncertificate authentication but another one did, it was possible for a \nclient to bypass the client certificate authentication by sending \ndifferent host names in the SNI extension and the HTTP host header field.\n\n\n\nThe vulnerability only applies if client certificate authentication is \nonly enforced at the Connector. It does not apply if client certificate \nauthentication is enforced at the web application.\n\n\nUsers are recommended to upgrade to version 11.0.15 or later, 10.1.50 or later or 9.0.113 or later, which fix the issue.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 16.0:tomcat10-10.1.54-160000.1.1.noarch",
          "openSUSE Leap 16.0:tomcat10-admin-webapps-10.1.54-160000.1.1.noarch",
          "openSUSE Leap 16.0:tomcat10-doc-10.1.54-160000.1.1.noarch",
          "openSUSE Leap 16.0:tomcat10-docs-webapp-10.1.54-160000.1.1.noarch",
          "openSUSE Leap 16.0:tomcat10-el-5_0-api-10.1.54-160000.1.1.noarch",
          "openSUSE Leap 16.0:tomcat10-embed-10.1.54-160000.1.1.noarch",
          "openSUSE Leap 16.0:tomcat10-jsp-3_1-api-10.1.54-160000.1.1.noarch",
          "openSUSE Leap 16.0:tomcat10-jsvc-10.1.54-160000.1.1.noarch",
          "openSUSE Leap 16.0:tomcat10-lib-10.1.54-160000.1.1.noarch",
          "openSUSE Leap 16.0:tomcat10-servlet-6_0-api-10.1.54-160000.1.1.noarch",
          "openSUSE Leap 16.0:tomcat10-webapps-10.1.54-160000.1.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-66614",
          "url": "https://www.suse.com/security/cve/CVE-2025-66614"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1258371 for CVE-2025-66614",
          "url": "https://bugzilla.suse.com/1258371"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 16.0:tomcat10-10.1.54-160000.1.1.noarch",
            "openSUSE Leap 16.0:tomcat10-admin-webapps-10.1.54-160000.1.1.noarch",
            "openSUSE Leap 16.0:tomcat10-doc-10.1.54-160000.1.1.noarch",
            "openSUSE Leap 16.0:tomcat10-docs-webapp-10.1.54-160000.1.1.noarch",
            "openSUSE Leap 16.0:tomcat10-el-5_0-api-10.1.54-160000.1.1.noarch",
            "openSUSE Leap 16.0:tomcat10-embed-10.1.54-160000.1.1.noarch",
            "openSUSE Leap 16.0:tomcat10-jsp-3_1-api-10.1.54-160000.1.1.noarch",
            "openSUSE Leap 16.0:tomcat10-jsvc-10.1.54-160000.1.1.noarch",
            "openSUSE Leap 16.0:tomcat10-lib-10.1.54-160000.1.1.noarch",
            "openSUSE Leap 16.0:tomcat10-servlet-6_0-api-10.1.54-160000.1.1.noarch",
            "openSUSE Leap 16.0:tomcat10-webapps-10.1.54-160000.1.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "openSUSE Leap 16.0:tomcat10-10.1.54-160000.1.1.noarch",
            "openSUSE Leap 16.0:tomcat10-admin-webapps-10.1.54-160000.1.1.noarch",
            "openSUSE Leap 16.0:tomcat10-doc-10.1.54-160000.1.1.noarch",
            "openSUSE Leap 16.0:tomcat10-docs-webapp-10.1.54-160000.1.1.noarch",
            "openSUSE Leap 16.0:tomcat10-el-5_0-api-10.1.54-160000.1.1.noarch",
            "openSUSE Leap 16.0:tomcat10-embed-10.1.54-160000.1.1.noarch",
            "openSUSE Leap 16.0:tomcat10-jsp-3_1-api-10.1.54-160000.1.1.noarch",
            "openSUSE Leap 16.0:tomcat10-jsvc-10.1.54-160000.1.1.noarch",
            "openSUSE Leap 16.0:tomcat10-lib-10.1.54-160000.1.1.noarch",
            "openSUSE Leap 16.0:tomcat10-servlet-6_0-api-10.1.54-160000.1.1.noarch",
            "openSUSE Leap 16.0:tomcat10-webapps-10.1.54-160000.1.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-04-22T10:52:21Z",
          "details": "important"
        }
      ],
      "title": "CVE-2025-66614"
    },
    {
      "cve": "CVE-2026-24880",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-24880"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027) vulnerability in Apache Tomcat via invalid chunk extension.\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.18, from 10.1.0-M1 through 10.1.52, from 9.0.0.M1 through 9.0.115, from 8.5.0 through 8.5.100, from 7.0.0 through 7.0.109.\nOther, unsupported versions may also be affected.\n\nUsers are recommended to upgrade to version 11.0.20, 10.1.52 or 9.0.116, which fix the issue.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 16.0:tomcat10-10.1.54-160000.1.1.noarch",
          "openSUSE Leap 16.0:tomcat10-admin-webapps-10.1.54-160000.1.1.noarch",
          "openSUSE Leap 16.0:tomcat10-doc-10.1.54-160000.1.1.noarch",
          "openSUSE Leap 16.0:tomcat10-docs-webapp-10.1.54-160000.1.1.noarch",
          "openSUSE Leap 16.0:tomcat10-el-5_0-api-10.1.54-160000.1.1.noarch",
          "openSUSE Leap 16.0:tomcat10-embed-10.1.54-160000.1.1.noarch",
          "openSUSE Leap 16.0:tomcat10-jsp-3_1-api-10.1.54-160000.1.1.noarch",
          "openSUSE Leap 16.0:tomcat10-jsvc-10.1.54-160000.1.1.noarch",
          "openSUSE Leap 16.0:tomcat10-lib-10.1.54-160000.1.1.noarch",
          "openSUSE Leap 16.0:tomcat10-servlet-6_0-api-10.1.54-160000.1.1.noarch",
          "openSUSE Leap 16.0:tomcat10-webapps-10.1.54-160000.1.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-24880",
          "url": "https://www.suse.com/security/cve/CVE-2026-24880"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1261850 for CVE-2026-24880",
          "url": "https://bugzilla.suse.com/1261850"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 16.0:tomcat10-10.1.54-160000.1.1.noarch",
            "openSUSE Leap 16.0:tomcat10-admin-webapps-10.1.54-160000.1.1.noarch",
            "openSUSE Leap 16.0:tomcat10-doc-10.1.54-160000.1.1.noarch",
            "openSUSE Leap 16.0:tomcat10-docs-webapp-10.1.54-160000.1.1.noarch",
            "openSUSE Leap 16.0:tomcat10-el-5_0-api-10.1.54-160000.1.1.noarch",
            "openSUSE Leap 16.0:tomcat10-embed-10.1.54-160000.1.1.noarch",
            "openSUSE Leap 16.0:tomcat10-jsp-3_1-api-10.1.54-160000.1.1.noarch",
            "openSUSE Leap 16.0:tomcat10-jsvc-10.1.54-160000.1.1.noarch",
            "openSUSE Leap 16.0:tomcat10-lib-10.1.54-160000.1.1.noarch",
            "openSUSE Leap 16.0:tomcat10-servlet-6_0-api-10.1.54-160000.1.1.noarch",
            "openSUSE Leap 16.0:tomcat10-webapps-10.1.54-160000.1.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.8,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "openSUSE Leap 16.0:tomcat10-10.1.54-160000.1.1.noarch",
            "openSUSE Leap 16.0:tomcat10-admin-webapps-10.1.54-160000.1.1.noarch",
            "openSUSE Leap 16.0:tomcat10-doc-10.1.54-160000.1.1.noarch",
            "openSUSE Leap 16.0:tomcat10-docs-webapp-10.1.54-160000.1.1.noarch",
            "openSUSE Leap 16.0:tomcat10-el-5_0-api-10.1.54-160000.1.1.noarch",
            "openSUSE Leap 16.0:tomcat10-embed-10.1.54-160000.1.1.noarch",
            "openSUSE Leap 16.0:tomcat10-jsp-3_1-api-10.1.54-160000.1.1.noarch",
            "openSUSE Leap 16.0:tomcat10-jsvc-10.1.54-160000.1.1.noarch",
            "openSUSE Leap 16.0:tomcat10-lib-10.1.54-160000.1.1.noarch",
            "openSUSE Leap 16.0:tomcat10-servlet-6_0-api-10.1.54-160000.1.1.noarch",
            "openSUSE Leap 16.0:tomcat10-webapps-10.1.54-160000.1.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-04-22T10:52:21Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2026-24880"
    },
    {
      "cve": "CVE-2026-25854",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-25854"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Occasional URL redirection to untrusted Site (\u0027Open Redirect\u0027) vulnerability in Apache Tomcat via the LoadBalancerDrainingValve.\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.18, from 10.1.0-M1 through 10.1.52, from 9.0.0.M23 through 9.0.115, from 8.5.30 through 8.5.100.\nOther, unsupported versions may also be affected\n\nUsers are recommended to upgrade to version 11.0.20, 10.1.53 or 9.0.116, which fix the issue.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 16.0:tomcat10-10.1.54-160000.1.1.noarch",
          "openSUSE Leap 16.0:tomcat10-admin-webapps-10.1.54-160000.1.1.noarch",
          "openSUSE Leap 16.0:tomcat10-doc-10.1.54-160000.1.1.noarch",
          "openSUSE Leap 16.0:tomcat10-docs-webapp-10.1.54-160000.1.1.noarch",
          "openSUSE Leap 16.0:tomcat10-el-5_0-api-10.1.54-160000.1.1.noarch",
          "openSUSE Leap 16.0:tomcat10-embed-10.1.54-160000.1.1.noarch",
          "openSUSE Leap 16.0:tomcat10-jsp-3_1-api-10.1.54-160000.1.1.noarch",
          "openSUSE Leap 16.0:tomcat10-jsvc-10.1.54-160000.1.1.noarch",
          "openSUSE Leap 16.0:tomcat10-lib-10.1.54-160000.1.1.noarch",
          "openSUSE Leap 16.0:tomcat10-servlet-6_0-api-10.1.54-160000.1.1.noarch",
          "openSUSE Leap 16.0:tomcat10-webapps-10.1.54-160000.1.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-25854",
          "url": "https://www.suse.com/security/cve/CVE-2026-25854"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1261851 for CVE-2026-25854",
          "url": "https://bugzilla.suse.com/1261851"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 16.0:tomcat10-10.1.54-160000.1.1.noarch",
            "openSUSE Leap 16.0:tomcat10-admin-webapps-10.1.54-160000.1.1.noarch",
            "openSUSE Leap 16.0:tomcat10-doc-10.1.54-160000.1.1.noarch",
            "openSUSE Leap 16.0:tomcat10-docs-webapp-10.1.54-160000.1.1.noarch",
            "openSUSE Leap 16.0:tomcat10-el-5_0-api-10.1.54-160000.1.1.noarch",
            "openSUSE Leap 16.0:tomcat10-embed-10.1.54-160000.1.1.noarch",
            "openSUSE Leap 16.0:tomcat10-jsp-3_1-api-10.1.54-160000.1.1.noarch",
            "openSUSE Leap 16.0:tomcat10-jsvc-10.1.54-160000.1.1.noarch",
            "openSUSE Leap 16.0:tomcat10-lib-10.1.54-160000.1.1.noarch",
            "openSUSE Leap 16.0:tomcat10-servlet-6_0-api-10.1.54-160000.1.1.noarch",
            "openSUSE Leap 16.0:tomcat10-webapps-10.1.54-160000.1.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.8,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "openSUSE Leap 16.0:tomcat10-10.1.54-160000.1.1.noarch",
            "openSUSE Leap 16.0:tomcat10-admin-webapps-10.1.54-160000.1.1.noarch",
            "openSUSE Leap 16.0:tomcat10-doc-10.1.54-160000.1.1.noarch",
            "openSUSE Leap 16.0:tomcat10-docs-webapp-10.1.54-160000.1.1.noarch",
            "openSUSE Leap 16.0:tomcat10-el-5_0-api-10.1.54-160000.1.1.noarch",
            "openSUSE Leap 16.0:tomcat10-embed-10.1.54-160000.1.1.noarch",
            "openSUSE Leap 16.0:tomcat10-jsp-3_1-api-10.1.54-160000.1.1.noarch",
            "openSUSE Leap 16.0:tomcat10-jsvc-10.1.54-160000.1.1.noarch",
            "openSUSE Leap 16.0:tomcat10-lib-10.1.54-160000.1.1.noarch",
            "openSUSE Leap 16.0:tomcat10-servlet-6_0-api-10.1.54-160000.1.1.noarch",
            "openSUSE Leap 16.0:tomcat10-webapps-10.1.54-160000.1.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-04-22T10:52:21Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2026-25854"
    },
    {
      "cve": "CVE-2026-29129",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-29129"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Configured cipher preference order not preserved vulnerability in Apache Tomcat.\n\nThis issue affects Apache Tomcat: from 11.0.16 through 11.0.18, from 10.1.51 through 10.1.52, from 9.0.114 through 9.0.115.\n\nUsers are recommended to upgrade to version 11.0.20, 10.1.53 or 9.0.116, which fix the issue.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 16.0:tomcat10-10.1.54-160000.1.1.noarch",
          "openSUSE Leap 16.0:tomcat10-admin-webapps-10.1.54-160000.1.1.noarch",
          "openSUSE Leap 16.0:tomcat10-doc-10.1.54-160000.1.1.noarch",
          "openSUSE Leap 16.0:tomcat10-docs-webapp-10.1.54-160000.1.1.noarch",
          "openSUSE Leap 16.0:tomcat10-el-5_0-api-10.1.54-160000.1.1.noarch",
          "openSUSE Leap 16.0:tomcat10-embed-10.1.54-160000.1.1.noarch",
          "openSUSE Leap 16.0:tomcat10-jsp-3_1-api-10.1.54-160000.1.1.noarch",
          "openSUSE Leap 16.0:tomcat10-jsvc-10.1.54-160000.1.1.noarch",
          "openSUSE Leap 16.0:tomcat10-lib-10.1.54-160000.1.1.noarch",
          "openSUSE Leap 16.0:tomcat10-servlet-6_0-api-10.1.54-160000.1.1.noarch",
          "openSUSE Leap 16.0:tomcat10-webapps-10.1.54-160000.1.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-29129",
          "url": "https://www.suse.com/security/cve/CVE-2026-29129"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1261852 for CVE-2026-29129",
          "url": "https://bugzilla.suse.com/1261852"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 16.0:tomcat10-10.1.54-160000.1.1.noarch",
            "openSUSE Leap 16.0:tomcat10-admin-webapps-10.1.54-160000.1.1.noarch",
            "openSUSE Leap 16.0:tomcat10-doc-10.1.54-160000.1.1.noarch",
            "openSUSE Leap 16.0:tomcat10-docs-webapp-10.1.54-160000.1.1.noarch",
            "openSUSE Leap 16.0:tomcat10-el-5_0-api-10.1.54-160000.1.1.noarch",
            "openSUSE Leap 16.0:tomcat10-embed-10.1.54-160000.1.1.noarch",
            "openSUSE Leap 16.0:tomcat10-jsp-3_1-api-10.1.54-160000.1.1.noarch",
            "openSUSE Leap 16.0:tomcat10-jsvc-10.1.54-160000.1.1.noarch",
            "openSUSE Leap 16.0:tomcat10-lib-10.1.54-160000.1.1.noarch",
            "openSUSE Leap 16.0:tomcat10-servlet-6_0-api-10.1.54-160000.1.1.noarch",
            "openSUSE Leap 16.0:tomcat10-webapps-10.1.54-160000.1.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.8,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "openSUSE Leap 16.0:tomcat10-10.1.54-160000.1.1.noarch",
            "openSUSE Leap 16.0:tomcat10-admin-webapps-10.1.54-160000.1.1.noarch",
            "openSUSE Leap 16.0:tomcat10-doc-10.1.54-160000.1.1.noarch",
            "openSUSE Leap 16.0:tomcat10-docs-webapp-10.1.54-160000.1.1.noarch",
            "openSUSE Leap 16.0:tomcat10-el-5_0-api-10.1.54-160000.1.1.noarch",
            "openSUSE Leap 16.0:tomcat10-embed-10.1.54-160000.1.1.noarch",
            "openSUSE Leap 16.0:tomcat10-jsp-3_1-api-10.1.54-160000.1.1.noarch",
            "openSUSE Leap 16.0:tomcat10-jsvc-10.1.54-160000.1.1.noarch",
            "openSUSE Leap 16.0:tomcat10-lib-10.1.54-160000.1.1.noarch",
            "openSUSE Leap 16.0:tomcat10-servlet-6_0-api-10.1.54-160000.1.1.noarch",
            "openSUSE Leap 16.0:tomcat10-webapps-10.1.54-160000.1.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-04-22T10:52:21Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2026-29129"
    },
    {
      "cve": "CVE-2026-29145",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-29145"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "CLIENT_CERT authentication does not fail as expected for some scenarios when soft fail is disabled vulnerability in Apache Tomcat, Apache Tomcat Native.\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.18, from 10.1.0-M7 through 10.1.52, from 9.0.83 through 9.0.115; Apache Tomcat Native: from 1.1.23 through 1.1.34, from 1.2.0 through 1.2.39, from 1.3.0 through 1.3.6, from 2.0.0 through 2.0.13.\n\nUsers are recommended to upgrade to version Tomcat Native 1.3.7 or 2.0.14 and Tomcat 11.0.20, 10.1.53 and 9.0.116, which fix the issue.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 16.0:tomcat10-10.1.54-160000.1.1.noarch",
          "openSUSE Leap 16.0:tomcat10-admin-webapps-10.1.54-160000.1.1.noarch",
          "openSUSE Leap 16.0:tomcat10-doc-10.1.54-160000.1.1.noarch",
          "openSUSE Leap 16.0:tomcat10-docs-webapp-10.1.54-160000.1.1.noarch",
          "openSUSE Leap 16.0:tomcat10-el-5_0-api-10.1.54-160000.1.1.noarch",
          "openSUSE Leap 16.0:tomcat10-embed-10.1.54-160000.1.1.noarch",
          "openSUSE Leap 16.0:tomcat10-jsp-3_1-api-10.1.54-160000.1.1.noarch",
          "openSUSE Leap 16.0:tomcat10-jsvc-10.1.54-160000.1.1.noarch",
          "openSUSE Leap 16.0:tomcat10-lib-10.1.54-160000.1.1.noarch",
          "openSUSE Leap 16.0:tomcat10-servlet-6_0-api-10.1.54-160000.1.1.noarch",
          "openSUSE Leap 16.0:tomcat10-webapps-10.1.54-160000.1.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-29145",
          "url": "https://www.suse.com/security/cve/CVE-2026-29145"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1261853 for CVE-2026-29145",
          "url": "https://bugzilla.suse.com/1261853"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 16.0:tomcat10-10.1.54-160000.1.1.noarch",
            "openSUSE Leap 16.0:tomcat10-admin-webapps-10.1.54-160000.1.1.noarch",
            "openSUSE Leap 16.0:tomcat10-doc-10.1.54-160000.1.1.noarch",
            "openSUSE Leap 16.0:tomcat10-docs-webapp-10.1.54-160000.1.1.noarch",
            "openSUSE Leap 16.0:tomcat10-el-5_0-api-10.1.54-160000.1.1.noarch",
            "openSUSE Leap 16.0:tomcat10-embed-10.1.54-160000.1.1.noarch",
            "openSUSE Leap 16.0:tomcat10-jsp-3_1-api-10.1.54-160000.1.1.noarch",
            "openSUSE Leap 16.0:tomcat10-jsvc-10.1.54-160000.1.1.noarch",
            "openSUSE Leap 16.0:tomcat10-lib-10.1.54-160000.1.1.noarch",
            "openSUSE Leap 16.0:tomcat10-servlet-6_0-api-10.1.54-160000.1.1.noarch",
            "openSUSE Leap 16.0:tomcat10-webapps-10.1.54-160000.1.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.8,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "openSUSE Leap 16.0:tomcat10-10.1.54-160000.1.1.noarch",
            "openSUSE Leap 16.0:tomcat10-admin-webapps-10.1.54-160000.1.1.noarch",
            "openSUSE Leap 16.0:tomcat10-doc-10.1.54-160000.1.1.noarch",
            "openSUSE Leap 16.0:tomcat10-docs-webapp-10.1.54-160000.1.1.noarch",
            "openSUSE Leap 16.0:tomcat10-el-5_0-api-10.1.54-160000.1.1.noarch",
            "openSUSE Leap 16.0:tomcat10-embed-10.1.54-160000.1.1.noarch",
            "openSUSE Leap 16.0:tomcat10-jsp-3_1-api-10.1.54-160000.1.1.noarch",
            "openSUSE Leap 16.0:tomcat10-jsvc-10.1.54-160000.1.1.noarch",
            "openSUSE Leap 16.0:tomcat10-lib-10.1.54-160000.1.1.noarch",
            "openSUSE Leap 16.0:tomcat10-servlet-6_0-api-10.1.54-160000.1.1.noarch",
            "openSUSE Leap 16.0:tomcat10-webapps-10.1.54-160000.1.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-04-22T10:52:21Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2026-29145"
    },
    {
      "cve": "CVE-2026-29146",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-29146"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Padding Oracle vulnerability in Apache Tomcat\u0027s EncryptInterceptor with default configuration.\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.18, from 10.0.0-M1 through 10.1.52, from 9.0.13 through 9..115, from 8.5.38 through 8.5.100, from 7.0.100 through 7.0.109.\n\nUsers are recommended to upgrade to version 11.0.19, 10.1.53 and 9.0.116, which fixes the issue.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 16.0:tomcat10-10.1.54-160000.1.1.noarch",
          "openSUSE Leap 16.0:tomcat10-admin-webapps-10.1.54-160000.1.1.noarch",
          "openSUSE Leap 16.0:tomcat10-doc-10.1.54-160000.1.1.noarch",
          "openSUSE Leap 16.0:tomcat10-docs-webapp-10.1.54-160000.1.1.noarch",
          "openSUSE Leap 16.0:tomcat10-el-5_0-api-10.1.54-160000.1.1.noarch",
          "openSUSE Leap 16.0:tomcat10-embed-10.1.54-160000.1.1.noarch",
          "openSUSE Leap 16.0:tomcat10-jsp-3_1-api-10.1.54-160000.1.1.noarch",
          "openSUSE Leap 16.0:tomcat10-jsvc-10.1.54-160000.1.1.noarch",
          "openSUSE Leap 16.0:tomcat10-lib-10.1.54-160000.1.1.noarch",
          "openSUSE Leap 16.0:tomcat10-servlet-6_0-api-10.1.54-160000.1.1.noarch",
          "openSUSE Leap 16.0:tomcat10-webapps-10.1.54-160000.1.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-29146",
          "url": "https://www.suse.com/security/cve/CVE-2026-29146"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1261854 for CVE-2026-29146",
          "url": "https://bugzilla.suse.com/1261854"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 16.0:tomcat10-10.1.54-160000.1.1.noarch",
            "openSUSE Leap 16.0:tomcat10-admin-webapps-10.1.54-160000.1.1.noarch",
            "openSUSE Leap 16.0:tomcat10-doc-10.1.54-160000.1.1.noarch",
            "openSUSE Leap 16.0:tomcat10-docs-webapp-10.1.54-160000.1.1.noarch",
            "openSUSE Leap 16.0:tomcat10-el-5_0-api-10.1.54-160000.1.1.noarch",
            "openSUSE Leap 16.0:tomcat10-embed-10.1.54-160000.1.1.noarch",
            "openSUSE Leap 16.0:tomcat10-jsp-3_1-api-10.1.54-160000.1.1.noarch",
            "openSUSE Leap 16.0:tomcat10-jsvc-10.1.54-160000.1.1.noarch",
            "openSUSE Leap 16.0:tomcat10-lib-10.1.54-160000.1.1.noarch",
            "openSUSE Leap 16.0:tomcat10-servlet-6_0-api-10.1.54-160000.1.1.noarch",
            "openSUSE Leap 16.0:tomcat10-webapps-10.1.54-160000.1.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "openSUSE Leap 16.0:tomcat10-10.1.54-160000.1.1.noarch",
            "openSUSE Leap 16.0:tomcat10-admin-webapps-10.1.54-160000.1.1.noarch",
            "openSUSE Leap 16.0:tomcat10-doc-10.1.54-160000.1.1.noarch",
            "openSUSE Leap 16.0:tomcat10-docs-webapp-10.1.54-160000.1.1.noarch",
            "openSUSE Leap 16.0:tomcat10-el-5_0-api-10.1.54-160000.1.1.noarch",
            "openSUSE Leap 16.0:tomcat10-embed-10.1.54-160000.1.1.noarch",
            "openSUSE Leap 16.0:tomcat10-jsp-3_1-api-10.1.54-160000.1.1.noarch",
            "openSUSE Leap 16.0:tomcat10-jsvc-10.1.54-160000.1.1.noarch",
            "openSUSE Leap 16.0:tomcat10-lib-10.1.54-160000.1.1.noarch",
            "openSUSE Leap 16.0:tomcat10-servlet-6_0-api-10.1.54-160000.1.1.noarch",
            "openSUSE Leap 16.0:tomcat10-webapps-10.1.54-160000.1.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-04-22T10:52:21Z",
          "details": "important"
        }
      ],
      "title": "CVE-2026-29146"
    },
    {
      "cve": "CVE-2026-32990",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-32990"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Improper Input Validation vulnerability in Apache Tomcat due to an incomplete fix of CVE-2025-66614.\n\nThis issue affects Apache Tomcat: from 11.0.15 through 11.0.19, from 10.1.50 through 10.1.52, from 9.0.113 through 9.0.115.\n\nUsers are recommended to upgrade to version 11.0.20, 10.1.53 or 9.0.116, which fix the issue.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 16.0:tomcat10-10.1.54-160000.1.1.noarch",
          "openSUSE Leap 16.0:tomcat10-admin-webapps-10.1.54-160000.1.1.noarch",
          "openSUSE Leap 16.0:tomcat10-doc-10.1.54-160000.1.1.noarch",
          "openSUSE Leap 16.0:tomcat10-docs-webapp-10.1.54-160000.1.1.noarch",
          "openSUSE Leap 16.0:tomcat10-el-5_0-api-10.1.54-160000.1.1.noarch",
          "openSUSE Leap 16.0:tomcat10-embed-10.1.54-160000.1.1.noarch",
          "openSUSE Leap 16.0:tomcat10-jsp-3_1-api-10.1.54-160000.1.1.noarch",
          "openSUSE Leap 16.0:tomcat10-jsvc-10.1.54-160000.1.1.noarch",
          "openSUSE Leap 16.0:tomcat10-lib-10.1.54-160000.1.1.noarch",
          "openSUSE Leap 16.0:tomcat10-servlet-6_0-api-10.1.54-160000.1.1.noarch",
          "openSUSE Leap 16.0:tomcat10-webapps-10.1.54-160000.1.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-32990",
          "url": "https://www.suse.com/security/cve/CVE-2026-32990"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1258371 for CVE-2026-32990",
          "url": "https://bugzilla.suse.com/1258371"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 16.0:tomcat10-10.1.54-160000.1.1.noarch",
            "openSUSE Leap 16.0:tomcat10-admin-webapps-10.1.54-160000.1.1.noarch",
            "openSUSE Leap 16.0:tomcat10-doc-10.1.54-160000.1.1.noarch",
            "openSUSE Leap 16.0:tomcat10-docs-webapp-10.1.54-160000.1.1.noarch",
            "openSUSE Leap 16.0:tomcat10-el-5_0-api-10.1.54-160000.1.1.noarch",
            "openSUSE Leap 16.0:tomcat10-embed-10.1.54-160000.1.1.noarch",
            "openSUSE Leap 16.0:tomcat10-jsp-3_1-api-10.1.54-160000.1.1.noarch",
            "openSUSE Leap 16.0:tomcat10-jsvc-10.1.54-160000.1.1.noarch",
            "openSUSE Leap 16.0:tomcat10-lib-10.1.54-160000.1.1.noarch",
            "openSUSE Leap 16.0:tomcat10-servlet-6_0-api-10.1.54-160000.1.1.noarch",
            "openSUSE Leap 16.0:tomcat10-webapps-10.1.54-160000.1.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-04-22T10:52:21Z",
          "details": "important"
        }
      ],
      "title": "CVE-2026-32990"
    },
    {
      "cve": "CVE-2026-34483",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-34483"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Improper Encoding or Escaping of Output vulnerability in the JsonAccessLogValve component of Apache Tomcat.\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.20, from 10.1.0-M1 through 10.1.53, from 9.0.40 through 9.0.116.\n\nUsers are recommended to upgrade to version 11.0.21, 10.1.54 or 9.0.117 , which fix the issue.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 16.0:tomcat10-10.1.54-160000.1.1.noarch",
          "openSUSE Leap 16.0:tomcat10-admin-webapps-10.1.54-160000.1.1.noarch",
          "openSUSE Leap 16.0:tomcat10-doc-10.1.54-160000.1.1.noarch",
          "openSUSE Leap 16.0:tomcat10-docs-webapp-10.1.54-160000.1.1.noarch",
          "openSUSE Leap 16.0:tomcat10-el-5_0-api-10.1.54-160000.1.1.noarch",
          "openSUSE Leap 16.0:tomcat10-embed-10.1.54-160000.1.1.noarch",
          "openSUSE Leap 16.0:tomcat10-jsp-3_1-api-10.1.54-160000.1.1.noarch",
          "openSUSE Leap 16.0:tomcat10-jsvc-10.1.54-160000.1.1.noarch",
          "openSUSE Leap 16.0:tomcat10-lib-10.1.54-160000.1.1.noarch",
          "openSUSE Leap 16.0:tomcat10-servlet-6_0-api-10.1.54-160000.1.1.noarch",
          "openSUSE Leap 16.0:tomcat10-webapps-10.1.54-160000.1.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-34483",
          "url": "https://www.suse.com/security/cve/CVE-2026-34483"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1261855 for CVE-2026-34483",
          "url": "https://bugzilla.suse.com/1261855"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 16.0:tomcat10-10.1.54-160000.1.1.noarch",
            "openSUSE Leap 16.0:tomcat10-admin-webapps-10.1.54-160000.1.1.noarch",
            "openSUSE Leap 16.0:tomcat10-doc-10.1.54-160000.1.1.noarch",
            "openSUSE Leap 16.0:tomcat10-docs-webapp-10.1.54-160000.1.1.noarch",
            "openSUSE Leap 16.0:tomcat10-el-5_0-api-10.1.54-160000.1.1.noarch",
            "openSUSE Leap 16.0:tomcat10-embed-10.1.54-160000.1.1.noarch",
            "openSUSE Leap 16.0:tomcat10-jsp-3_1-api-10.1.54-160000.1.1.noarch",
            "openSUSE Leap 16.0:tomcat10-jsvc-10.1.54-160000.1.1.noarch",
            "openSUSE Leap 16.0:tomcat10-lib-10.1.54-160000.1.1.noarch",
            "openSUSE Leap 16.0:tomcat10-servlet-6_0-api-10.1.54-160000.1.1.noarch",
            "openSUSE Leap 16.0:tomcat10-webapps-10.1.54-160000.1.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.8,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "openSUSE Leap 16.0:tomcat10-10.1.54-160000.1.1.noarch",
            "openSUSE Leap 16.0:tomcat10-admin-webapps-10.1.54-160000.1.1.noarch",
            "openSUSE Leap 16.0:tomcat10-doc-10.1.54-160000.1.1.noarch",
            "openSUSE Leap 16.0:tomcat10-docs-webapp-10.1.54-160000.1.1.noarch",
            "openSUSE Leap 16.0:tomcat10-el-5_0-api-10.1.54-160000.1.1.noarch",
            "openSUSE Leap 16.0:tomcat10-embed-10.1.54-160000.1.1.noarch",
            "openSUSE Leap 16.0:tomcat10-jsp-3_1-api-10.1.54-160000.1.1.noarch",
            "openSUSE Leap 16.0:tomcat10-jsvc-10.1.54-160000.1.1.noarch",
            "openSUSE Leap 16.0:tomcat10-lib-10.1.54-160000.1.1.noarch",
            "openSUSE Leap 16.0:tomcat10-servlet-6_0-api-10.1.54-160000.1.1.noarch",
            "openSUSE Leap 16.0:tomcat10-webapps-10.1.54-160000.1.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-04-22T10:52:21Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2026-34483"
    },
    {
      "cve": "CVE-2026-34486",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-34486"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Missing Encryption of Sensitive Data vulnerability in Apache Tomcat due to the  fix for CVE-2026-29146 allowing the bypass of the EncryptInterceptor.\n\nThis issue affects Apache Tomcat: 11.0.20, 10.1.53, 9.0.116.\n\nUsers are recommended to upgrade to version 11.0.21, 10.1.54 or 9.0.117, which fix the issue.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 16.0:tomcat10-10.1.54-160000.1.1.noarch",
          "openSUSE Leap 16.0:tomcat10-admin-webapps-10.1.54-160000.1.1.noarch",
          "openSUSE Leap 16.0:tomcat10-doc-10.1.54-160000.1.1.noarch",
          "openSUSE Leap 16.0:tomcat10-docs-webapp-10.1.54-160000.1.1.noarch",
          "openSUSE Leap 16.0:tomcat10-el-5_0-api-10.1.54-160000.1.1.noarch",
          "openSUSE Leap 16.0:tomcat10-embed-10.1.54-160000.1.1.noarch",
          "openSUSE Leap 16.0:tomcat10-jsp-3_1-api-10.1.54-160000.1.1.noarch",
          "openSUSE Leap 16.0:tomcat10-jsvc-10.1.54-160000.1.1.noarch",
          "openSUSE Leap 16.0:tomcat10-lib-10.1.54-160000.1.1.noarch",
          "openSUSE Leap 16.0:tomcat10-servlet-6_0-api-10.1.54-160000.1.1.noarch",
          "openSUSE Leap 16.0:tomcat10-webapps-10.1.54-160000.1.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-34486",
          "url": "https://www.suse.com/security/cve/CVE-2026-34486"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1261854 for CVE-2026-34486",
          "url": "https://bugzilla.suse.com/1261854"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 16.0:tomcat10-10.1.54-160000.1.1.noarch",
            "openSUSE Leap 16.0:tomcat10-admin-webapps-10.1.54-160000.1.1.noarch",
            "openSUSE Leap 16.0:tomcat10-doc-10.1.54-160000.1.1.noarch",
            "openSUSE Leap 16.0:tomcat10-docs-webapp-10.1.54-160000.1.1.noarch",
            "openSUSE Leap 16.0:tomcat10-el-5_0-api-10.1.54-160000.1.1.noarch",
            "openSUSE Leap 16.0:tomcat10-embed-10.1.54-160000.1.1.noarch",
            "openSUSE Leap 16.0:tomcat10-jsp-3_1-api-10.1.54-160000.1.1.noarch",
            "openSUSE Leap 16.0:tomcat10-jsvc-10.1.54-160000.1.1.noarch",
            "openSUSE Leap 16.0:tomcat10-lib-10.1.54-160000.1.1.noarch",
            "openSUSE Leap 16.0:tomcat10-servlet-6_0-api-10.1.54-160000.1.1.noarch",
            "openSUSE Leap 16.0:tomcat10-webapps-10.1.54-160000.1.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "openSUSE Leap 16.0:tomcat10-10.1.54-160000.1.1.noarch",
            "openSUSE Leap 16.0:tomcat10-admin-webapps-10.1.54-160000.1.1.noarch",
            "openSUSE Leap 16.0:tomcat10-doc-10.1.54-160000.1.1.noarch",
            "openSUSE Leap 16.0:tomcat10-docs-webapp-10.1.54-160000.1.1.noarch",
            "openSUSE Leap 16.0:tomcat10-el-5_0-api-10.1.54-160000.1.1.noarch",
            "openSUSE Leap 16.0:tomcat10-embed-10.1.54-160000.1.1.noarch",
            "openSUSE Leap 16.0:tomcat10-jsp-3_1-api-10.1.54-160000.1.1.noarch",
            "openSUSE Leap 16.0:tomcat10-jsvc-10.1.54-160000.1.1.noarch",
            "openSUSE Leap 16.0:tomcat10-lib-10.1.54-160000.1.1.noarch",
            "openSUSE Leap 16.0:tomcat10-servlet-6_0-api-10.1.54-160000.1.1.noarch",
            "openSUSE Leap 16.0:tomcat10-webapps-10.1.54-160000.1.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-04-22T10:52:21Z",
          "details": "important"
        }
      ],
      "title": "CVE-2026-34486"
    },
    {
      "cve": "CVE-2026-34487",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-34487"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Insertion of Sensitive Information into Log File vulnerability in the cloud membership for clustering component of Apache Tomcat exposed the Kubernetes bearer token.\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.20, from 10.1.0-M1 through 10.1.53, from 9.0.13 through 9.0.116.\n\nUsers are recommended to upgrade to version 11.0.21, 10.1.54 or 9.0.117, which fix the issue.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 16.0:tomcat10-10.1.54-160000.1.1.noarch",
          "openSUSE Leap 16.0:tomcat10-admin-webapps-10.1.54-160000.1.1.noarch",
          "openSUSE Leap 16.0:tomcat10-doc-10.1.54-160000.1.1.noarch",
          "openSUSE Leap 16.0:tomcat10-docs-webapp-10.1.54-160000.1.1.noarch",
          "openSUSE Leap 16.0:tomcat10-el-5_0-api-10.1.54-160000.1.1.noarch",
          "openSUSE Leap 16.0:tomcat10-embed-10.1.54-160000.1.1.noarch",
          "openSUSE Leap 16.0:tomcat10-jsp-3_1-api-10.1.54-160000.1.1.noarch",
          "openSUSE Leap 16.0:tomcat10-jsvc-10.1.54-160000.1.1.noarch",
          "openSUSE Leap 16.0:tomcat10-lib-10.1.54-160000.1.1.noarch",
          "openSUSE Leap 16.0:tomcat10-servlet-6_0-api-10.1.54-160000.1.1.noarch",
          "openSUSE Leap 16.0:tomcat10-webapps-10.1.54-160000.1.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-34487",
          "url": "https://www.suse.com/security/cve/CVE-2026-34487"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1261856 for CVE-2026-34487",
          "url": "https://bugzilla.suse.com/1261856"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 16.0:tomcat10-10.1.54-160000.1.1.noarch",
            "openSUSE Leap 16.0:tomcat10-admin-webapps-10.1.54-160000.1.1.noarch",
            "openSUSE Leap 16.0:tomcat10-doc-10.1.54-160000.1.1.noarch",
            "openSUSE Leap 16.0:tomcat10-docs-webapp-10.1.54-160000.1.1.noarch",
            "openSUSE Leap 16.0:tomcat10-el-5_0-api-10.1.54-160000.1.1.noarch",
            "openSUSE Leap 16.0:tomcat10-embed-10.1.54-160000.1.1.noarch",
            "openSUSE Leap 16.0:tomcat10-jsp-3_1-api-10.1.54-160000.1.1.noarch",
            "openSUSE Leap 16.0:tomcat10-jsvc-10.1.54-160000.1.1.noarch",
            "openSUSE Leap 16.0:tomcat10-lib-10.1.54-160000.1.1.noarch",
            "openSUSE Leap 16.0:tomcat10-servlet-6_0-api-10.1.54-160000.1.1.noarch",
            "openSUSE Leap 16.0:tomcat10-webapps-10.1.54-160000.1.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "openSUSE Leap 16.0:tomcat10-10.1.54-160000.1.1.noarch",
            "openSUSE Leap 16.0:tomcat10-admin-webapps-10.1.54-160000.1.1.noarch",
            "openSUSE Leap 16.0:tomcat10-doc-10.1.54-160000.1.1.noarch",
            "openSUSE Leap 16.0:tomcat10-docs-webapp-10.1.54-160000.1.1.noarch",
            "openSUSE Leap 16.0:tomcat10-el-5_0-api-10.1.54-160000.1.1.noarch",
            "openSUSE Leap 16.0:tomcat10-embed-10.1.54-160000.1.1.noarch",
            "openSUSE Leap 16.0:tomcat10-jsp-3_1-api-10.1.54-160000.1.1.noarch",
            "openSUSE Leap 16.0:tomcat10-jsvc-10.1.54-160000.1.1.noarch",
            "openSUSE Leap 16.0:tomcat10-lib-10.1.54-160000.1.1.noarch",
            "openSUSE Leap 16.0:tomcat10-servlet-6_0-api-10.1.54-160000.1.1.noarch",
            "openSUSE Leap 16.0:tomcat10-webapps-10.1.54-160000.1.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-04-22T10:52:21Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2026-34487"
    },
    {
      "cve": "CVE-2026-34500",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-34500"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "CLIENT_CERT authentication does not fail as expected for some scenarios when soft fail is disabled and FFM is used in Apache Tomcat.\n\nThis issue affects Apache Tomcat: from 11.0.0-M14 through 11.0.20, from 10.1.22 through 10.1.53, from 9.0.92 through 9.0.116.\n\nUsers are recommended to upgrade to version 11.0.21, 10.1.54 or 9.0.117, which fixes the issue.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 16.0:tomcat10-10.1.54-160000.1.1.noarch",
          "openSUSE Leap 16.0:tomcat10-admin-webapps-10.1.54-160000.1.1.noarch",
          "openSUSE Leap 16.0:tomcat10-doc-10.1.54-160000.1.1.noarch",
          "openSUSE Leap 16.0:tomcat10-docs-webapp-10.1.54-160000.1.1.noarch",
          "openSUSE Leap 16.0:tomcat10-el-5_0-api-10.1.54-160000.1.1.noarch",
          "openSUSE Leap 16.0:tomcat10-embed-10.1.54-160000.1.1.noarch",
          "openSUSE Leap 16.0:tomcat10-jsp-3_1-api-10.1.54-160000.1.1.noarch",
          "openSUSE Leap 16.0:tomcat10-jsvc-10.1.54-160000.1.1.noarch",
          "openSUSE Leap 16.0:tomcat10-lib-10.1.54-160000.1.1.noarch",
          "openSUSE Leap 16.0:tomcat10-servlet-6_0-api-10.1.54-160000.1.1.noarch",
          "openSUSE Leap 16.0:tomcat10-webapps-10.1.54-160000.1.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-34500",
          "url": "https://www.suse.com/security/cve/CVE-2026-34500"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1261857 for CVE-2026-34500",
          "url": "https://bugzilla.suse.com/1261857"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 16.0:tomcat10-10.1.54-160000.1.1.noarch",
            "openSUSE Leap 16.0:tomcat10-admin-webapps-10.1.54-160000.1.1.noarch",
            "openSUSE Leap 16.0:tomcat10-doc-10.1.54-160000.1.1.noarch",
            "openSUSE Leap 16.0:tomcat10-docs-webapp-10.1.54-160000.1.1.noarch",
            "openSUSE Leap 16.0:tomcat10-el-5_0-api-10.1.54-160000.1.1.noarch",
            "openSUSE Leap 16.0:tomcat10-embed-10.1.54-160000.1.1.noarch",
            "openSUSE Leap 16.0:tomcat10-jsp-3_1-api-10.1.54-160000.1.1.noarch",
            "openSUSE Leap 16.0:tomcat10-jsvc-10.1.54-160000.1.1.noarch",
            "openSUSE Leap 16.0:tomcat10-lib-10.1.54-160000.1.1.noarch",
            "openSUSE Leap 16.0:tomcat10-servlet-6_0-api-10.1.54-160000.1.1.noarch",
            "openSUSE Leap 16.0:tomcat10-webapps-10.1.54-160000.1.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.8,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "openSUSE Leap 16.0:tomcat10-10.1.54-160000.1.1.noarch",
            "openSUSE Leap 16.0:tomcat10-admin-webapps-10.1.54-160000.1.1.noarch",
            "openSUSE Leap 16.0:tomcat10-doc-10.1.54-160000.1.1.noarch",
            "openSUSE Leap 16.0:tomcat10-docs-webapp-10.1.54-160000.1.1.noarch",
            "openSUSE Leap 16.0:tomcat10-el-5_0-api-10.1.54-160000.1.1.noarch",
            "openSUSE Leap 16.0:tomcat10-embed-10.1.54-160000.1.1.noarch",
            "openSUSE Leap 16.0:tomcat10-jsp-3_1-api-10.1.54-160000.1.1.noarch",
            "openSUSE Leap 16.0:tomcat10-jsvc-10.1.54-160000.1.1.noarch",
            "openSUSE Leap 16.0:tomcat10-lib-10.1.54-160000.1.1.noarch",
            "openSUSE Leap 16.0:tomcat10-servlet-6_0-api-10.1.54-160000.1.1.noarch",
            "openSUSE Leap 16.0:tomcat10-webapps-10.1.54-160000.1.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-04-22T10:52:21Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2026-34500"
    }
  ]
}

SUSE-SU-2026:1558-1

Vulnerability from csaf_suse - Published: 2026-04-22 16:24 - Updated: 2026-04-22 16:24

Summary

Security update for tomcat11

Severity

Important

Notes

Title of the patch: Security update for tomcat11

Description of the patch: This update for tomcat11 fixes the following issues: Security fixes: - CVE-2026-24880: Request smuggling via invalid chunk extension (bsc#1261850). - CVE-2026-25854: Occasionally open redirect (bsc#1261851). - CVE-2026-29129: TLS cipher order is not preserved (bsc#1261852). - CVE-2026-29145: OCSP checks sometimes soft-fail even when soft-fail is disabled (bsc#1261853). - CVE-2026-29146,CVE-2026-34486: Fix for allowed bypass of EncryptInterceptor (bsc#1261854). - CVE-2026-34483: Incomplete escaping of JSON access logs (bsc#1261855). - CVE-2026-34487: Cloud membership for clustering component exposed the Kubernetes bearer token (bsc#1261856). - CVE-2026-34500: OCSP checks sometimes soft-fail with FFM even when soft-fail is disabled (bsc#1261857). - CVE-2026-32990: The fix for CVE-2025-66614 was incomplete, so this CVE completes it (bsc#1258371). Other fixes: - Update to Tomcat 11.0.21

Patchnames: SUSE-2026-1558,SUSE-SLE-Module-Web-Scripting-15-SP7-2026-1558,SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-1558,SUSE-SLE-Product-SLES_SAP-15-SP6-2026-1558

CVE-2025-66614

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Affected products

Recommended 21 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-11.0.21-150600.13.18.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-admin-webapps-11.0.21-150600.13.18.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-el-6_0-api-11.0.21-150600.13.18.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-jsp-4_0-api-11.0.21-150600.13.18.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-lib-11.0.21-150600.13.18.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-servlet-6_1-api-11.0.21-150600.13.18.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-webapps-11.0.21-150600.13.18.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat11-11.0.21-150600.13.18.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat11-admin-webapps-11.0.21-150600.13.18.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat11-el-6_0-api-11.0.21-150600.13.18.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat11-jsp-4_0-api-11.0.21-150600.13.18.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat11-lib-11.0.21-150600.13.18.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat11-servlet-6_1-api-11.0.21-150600.13.18.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat11-webapps-11.0.21-150600.13.18.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat11-11.0.21-150600.13.18.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat11-admin-webapps-11.0.21-150600.13.18.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat11-el-6_0-api-11.0.21-150600.13.18.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat11-jsp-4_0-api-11.0.21-150600.13.18.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat11-lib-11.0.21-150600.13.18.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat11-servlet-6_1-api-11.0.21-150600.13.18.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat11-webapps-11.0.21-150600.13.18.1.noarch	—	Vendor Fix

Threats

Impact important

CVE-2026-24880

4.8 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

Affected products

Recommended 21 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-11.0.21-150600.13.18.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-admin-webapps-11.0.21-150600.13.18.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-el-6_0-api-11.0.21-150600.13.18.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-jsp-4_0-api-11.0.21-150600.13.18.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-lib-11.0.21-150600.13.18.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-servlet-6_1-api-11.0.21-150600.13.18.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-webapps-11.0.21-150600.13.18.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat11-11.0.21-150600.13.18.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat11-admin-webapps-11.0.21-150600.13.18.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat11-el-6_0-api-11.0.21-150600.13.18.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat11-jsp-4_0-api-11.0.21-150600.13.18.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat11-lib-11.0.21-150600.13.18.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat11-servlet-6_1-api-11.0.21-150600.13.18.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat11-webapps-11.0.21-150600.13.18.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat11-11.0.21-150600.13.18.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat11-admin-webapps-11.0.21-150600.13.18.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat11-el-6_0-api-11.0.21-150600.13.18.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat11-jsp-4_0-api-11.0.21-150600.13.18.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat11-lib-11.0.21-150600.13.18.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat11-servlet-6_1-api-11.0.21-150600.13.18.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat11-webapps-11.0.21-150600.13.18.1.noarch	—	Vendor Fix

Threats

Impact moderate

CVE-2026-25854

4.8 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

Affected products

Recommended 21 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-11.0.21-150600.13.18.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-admin-webapps-11.0.21-150600.13.18.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-el-6_0-api-11.0.21-150600.13.18.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-jsp-4_0-api-11.0.21-150600.13.18.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-lib-11.0.21-150600.13.18.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-servlet-6_1-api-11.0.21-150600.13.18.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-webapps-11.0.21-150600.13.18.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat11-11.0.21-150600.13.18.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat11-admin-webapps-11.0.21-150600.13.18.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat11-el-6_0-api-11.0.21-150600.13.18.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat11-jsp-4_0-api-11.0.21-150600.13.18.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat11-lib-11.0.21-150600.13.18.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat11-servlet-6_1-api-11.0.21-150600.13.18.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat11-webapps-11.0.21-150600.13.18.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat11-11.0.21-150600.13.18.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat11-admin-webapps-11.0.21-150600.13.18.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat11-el-6_0-api-11.0.21-150600.13.18.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat11-jsp-4_0-api-11.0.21-150600.13.18.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat11-lib-11.0.21-150600.13.18.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat11-servlet-6_1-api-11.0.21-150600.13.18.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat11-webapps-11.0.21-150600.13.18.1.noarch	—	Vendor Fix

Threats

Impact moderate

CVE-2026-29129

4.8 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

Affected products

Recommended 21 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-11.0.21-150600.13.18.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-admin-webapps-11.0.21-150600.13.18.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-el-6_0-api-11.0.21-150600.13.18.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-jsp-4_0-api-11.0.21-150600.13.18.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-lib-11.0.21-150600.13.18.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-servlet-6_1-api-11.0.21-150600.13.18.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-webapps-11.0.21-150600.13.18.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat11-11.0.21-150600.13.18.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat11-admin-webapps-11.0.21-150600.13.18.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat11-el-6_0-api-11.0.21-150600.13.18.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat11-jsp-4_0-api-11.0.21-150600.13.18.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat11-lib-11.0.21-150600.13.18.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat11-servlet-6_1-api-11.0.21-150600.13.18.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat11-webapps-11.0.21-150600.13.18.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat11-11.0.21-150600.13.18.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat11-admin-webapps-11.0.21-150600.13.18.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat11-el-6_0-api-11.0.21-150600.13.18.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat11-jsp-4_0-api-11.0.21-150600.13.18.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat11-lib-11.0.21-150600.13.18.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat11-servlet-6_1-api-11.0.21-150600.13.18.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat11-webapps-11.0.21-150600.13.18.1.noarch	—	Vendor Fix

Threats

Impact moderate

CVE-2026-29145

4.8 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

Affected products

Recommended 21 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-11.0.21-150600.13.18.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-admin-webapps-11.0.21-150600.13.18.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-el-6_0-api-11.0.21-150600.13.18.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-jsp-4_0-api-11.0.21-150600.13.18.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-lib-11.0.21-150600.13.18.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-servlet-6_1-api-11.0.21-150600.13.18.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-webapps-11.0.21-150600.13.18.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat11-11.0.21-150600.13.18.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat11-admin-webapps-11.0.21-150600.13.18.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat11-el-6_0-api-11.0.21-150600.13.18.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat11-jsp-4_0-api-11.0.21-150600.13.18.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat11-lib-11.0.21-150600.13.18.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat11-servlet-6_1-api-11.0.21-150600.13.18.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat11-webapps-11.0.21-150600.13.18.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat11-11.0.21-150600.13.18.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat11-admin-webapps-11.0.21-150600.13.18.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat11-el-6_0-api-11.0.21-150600.13.18.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat11-jsp-4_0-api-11.0.21-150600.13.18.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat11-lib-11.0.21-150600.13.18.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat11-servlet-6_1-api-11.0.21-150600.13.18.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat11-webapps-11.0.21-150600.13.18.1.noarch	—	Vendor Fix

Threats

Impact moderate

CVE-2026-29146

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Affected products

Recommended 21 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-11.0.21-150600.13.18.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-admin-webapps-11.0.21-150600.13.18.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-el-6_0-api-11.0.21-150600.13.18.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-jsp-4_0-api-11.0.21-150600.13.18.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-lib-11.0.21-150600.13.18.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-servlet-6_1-api-11.0.21-150600.13.18.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-webapps-11.0.21-150600.13.18.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat11-11.0.21-150600.13.18.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat11-admin-webapps-11.0.21-150600.13.18.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat11-el-6_0-api-11.0.21-150600.13.18.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat11-jsp-4_0-api-11.0.21-150600.13.18.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat11-lib-11.0.21-150600.13.18.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat11-servlet-6_1-api-11.0.21-150600.13.18.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat11-webapps-11.0.21-150600.13.18.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat11-11.0.21-150600.13.18.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat11-admin-webapps-11.0.21-150600.13.18.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat11-el-6_0-api-11.0.21-150600.13.18.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat11-jsp-4_0-api-11.0.21-150600.13.18.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat11-lib-11.0.21-150600.13.18.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat11-servlet-6_1-api-11.0.21-150600.13.18.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat11-webapps-11.0.21-150600.13.18.1.noarch	—	Vendor Fix

Threats

Impact important

CVE-2026-32990

Affected products

Recommended 21 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-11.0.21-150600.13.18.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-admin-webapps-11.0.21-150600.13.18.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-el-6_0-api-11.0.21-150600.13.18.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-jsp-4_0-api-11.0.21-150600.13.18.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-lib-11.0.21-150600.13.18.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-servlet-6_1-api-11.0.21-150600.13.18.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-webapps-11.0.21-150600.13.18.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat11-11.0.21-150600.13.18.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat11-admin-webapps-11.0.21-150600.13.18.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat11-el-6_0-api-11.0.21-150600.13.18.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat11-jsp-4_0-api-11.0.21-150600.13.18.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat11-lib-11.0.21-150600.13.18.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat11-servlet-6_1-api-11.0.21-150600.13.18.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat11-webapps-11.0.21-150600.13.18.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat11-11.0.21-150600.13.18.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat11-admin-webapps-11.0.21-150600.13.18.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat11-el-6_0-api-11.0.21-150600.13.18.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat11-jsp-4_0-api-11.0.21-150600.13.18.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat11-lib-11.0.21-150600.13.18.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat11-servlet-6_1-api-11.0.21-150600.13.18.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat11-webapps-11.0.21-150600.13.18.1.noarch	—	Vendor Fix

Threats

Impact important

CVE-2026-34483

4.8 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

Affected products

Recommended 21 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-11.0.21-150600.13.18.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-admin-webapps-11.0.21-150600.13.18.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-el-6_0-api-11.0.21-150600.13.18.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-jsp-4_0-api-11.0.21-150600.13.18.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-lib-11.0.21-150600.13.18.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-servlet-6_1-api-11.0.21-150600.13.18.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-webapps-11.0.21-150600.13.18.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat11-11.0.21-150600.13.18.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat11-admin-webapps-11.0.21-150600.13.18.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat11-el-6_0-api-11.0.21-150600.13.18.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat11-jsp-4_0-api-11.0.21-150600.13.18.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat11-lib-11.0.21-150600.13.18.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat11-servlet-6_1-api-11.0.21-150600.13.18.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat11-webapps-11.0.21-150600.13.18.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat11-11.0.21-150600.13.18.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat11-admin-webapps-11.0.21-150600.13.18.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat11-el-6_0-api-11.0.21-150600.13.18.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat11-jsp-4_0-api-11.0.21-150600.13.18.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat11-lib-11.0.21-150600.13.18.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat11-servlet-6_1-api-11.0.21-150600.13.18.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat11-webapps-11.0.21-150600.13.18.1.noarch	—	Vendor Fix

Threats

Impact moderate

CVE-2026-34486

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Affected products

Recommended 21 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-11.0.21-150600.13.18.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-admin-webapps-11.0.21-150600.13.18.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-el-6_0-api-11.0.21-150600.13.18.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-jsp-4_0-api-11.0.21-150600.13.18.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-lib-11.0.21-150600.13.18.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-servlet-6_1-api-11.0.21-150600.13.18.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-webapps-11.0.21-150600.13.18.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat11-11.0.21-150600.13.18.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat11-admin-webapps-11.0.21-150600.13.18.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat11-el-6_0-api-11.0.21-150600.13.18.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat11-jsp-4_0-api-11.0.21-150600.13.18.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat11-lib-11.0.21-150600.13.18.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat11-servlet-6_1-api-11.0.21-150600.13.18.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat11-webapps-11.0.21-150600.13.18.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat11-11.0.21-150600.13.18.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat11-admin-webapps-11.0.21-150600.13.18.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat11-el-6_0-api-11.0.21-150600.13.18.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat11-jsp-4_0-api-11.0.21-150600.13.18.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat11-lib-11.0.21-150600.13.18.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat11-servlet-6_1-api-11.0.21-150600.13.18.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat11-webapps-11.0.21-150600.13.18.1.noarch	—	Vendor Fix

Threats

Impact important

CVE-2026-34487

5.9 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Affected products

Recommended 21 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-11.0.21-150600.13.18.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-admin-webapps-11.0.21-150600.13.18.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-el-6_0-api-11.0.21-150600.13.18.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-jsp-4_0-api-11.0.21-150600.13.18.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-lib-11.0.21-150600.13.18.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-servlet-6_1-api-11.0.21-150600.13.18.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-webapps-11.0.21-150600.13.18.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat11-11.0.21-150600.13.18.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat11-admin-webapps-11.0.21-150600.13.18.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat11-el-6_0-api-11.0.21-150600.13.18.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat11-jsp-4_0-api-11.0.21-150600.13.18.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat11-lib-11.0.21-150600.13.18.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat11-servlet-6_1-api-11.0.21-150600.13.18.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat11-webapps-11.0.21-150600.13.18.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat11-11.0.21-150600.13.18.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat11-admin-webapps-11.0.21-150600.13.18.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat11-el-6_0-api-11.0.21-150600.13.18.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat11-jsp-4_0-api-11.0.21-150600.13.18.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat11-lib-11.0.21-150600.13.18.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat11-servlet-6_1-api-11.0.21-150600.13.18.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat11-webapps-11.0.21-150600.13.18.1.noarch	—	Vendor Fix

Threats

Impact moderate

CVE-2026-34500

4.8 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

Affected products

Recommended 21 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-11.0.21-150600.13.18.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-admin-webapps-11.0.21-150600.13.18.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-el-6_0-api-11.0.21-150600.13.18.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-jsp-4_0-api-11.0.21-150600.13.18.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-lib-11.0.21-150600.13.18.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-servlet-6_1-api-11.0.21-150600.13.18.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-webapps-11.0.21-150600.13.18.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat11-11.0.21-150600.13.18.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat11-admin-webapps-11.0.21-150600.13.18.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat11-el-6_0-api-11.0.21-150600.13.18.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat11-jsp-4_0-api-11.0.21-150600.13.18.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat11-lib-11.0.21-150600.13.18.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat11-servlet-6_1-api-11.0.21-150600.13.18.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat11-webapps-11.0.21-150600.13.18.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat11-11.0.21-150600.13.18.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat11-admin-webapps-11.0.21-150600.13.18.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat11-el-6_0-api-11.0.21-150600.13.18.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat11-jsp-4_0-api-11.0.21-150600.13.18.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat11-lib-11.0.21-150600.13.18.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat11-servlet-6_1-api-11.0.21-150600.13.18.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat11-webapps-11.0.21-150600.13.18.1.noarch	—	Vendor Fix

Threats

Impact moderate

References

46 references

URL	Category
https://www.suse.com/support/security/rating/	external
https://ftp.suse.com/pub/projects/security/csaf/s…	self
https://www.suse.com/support/update/announcement/…	self
https://lists.suse.com/pipermail/sle-updates/2026…	self
https://bugzilla.suse.com/1258371	self
https://bugzilla.suse.com/1261850	self
https://bugzilla.suse.com/1261851	self
https://bugzilla.suse.com/1261852	self
https://bugzilla.suse.com/1261853	self
https://bugzilla.suse.com/1261854	self
https://bugzilla.suse.com/1261855	self
https://bugzilla.suse.com/1261856	self
https://bugzilla.suse.com/1261857	self
https://www.suse.com/security/cve/CVE-2025-66614/	self
https://www.suse.com/security/cve/CVE-2026-24880/	self
https://www.suse.com/security/cve/CVE-2026-25854/	self
https://www.suse.com/security/cve/CVE-2026-29129/	self
https://www.suse.com/security/cve/CVE-2026-29145/	self
https://www.suse.com/security/cve/CVE-2026-29146/	self
https://www.suse.com/security/cve/CVE-2026-32990/	self
https://www.suse.com/security/cve/CVE-2026-34483/	self
https://www.suse.com/security/cve/CVE-2026-34486/	self
https://www.suse.com/security/cve/CVE-2026-34487/	self
https://www.suse.com/security/cve/CVE-2026-34500/	self
https://www.suse.com/security/cve/CVE-2025-66614	external
https://bugzilla.suse.com/1258371	external
https://www.suse.com/security/cve/CVE-2026-24880	external
https://bugzilla.suse.com/1261850	external
https://www.suse.com/security/cve/CVE-2026-25854	external
https://bugzilla.suse.com/1261851	external
https://www.suse.com/security/cve/CVE-2026-29129	external
https://bugzilla.suse.com/1261852	external
https://www.suse.com/security/cve/CVE-2026-29145	external
https://bugzilla.suse.com/1261853	external
https://www.suse.com/security/cve/CVE-2026-29146	external
https://bugzilla.suse.com/1261854	external
https://www.suse.com/security/cve/CVE-2026-32990	external
https://bugzilla.suse.com/1258371	external
https://www.suse.com/security/cve/CVE-2026-34483	external
https://bugzilla.suse.com/1261855	external
https://www.suse.com/security/cve/CVE-2026-34486	external
https://bugzilla.suse.com/1261854	external
https://www.suse.com/security/cve/CVE-2026-34487	external
https://bugzilla.suse.com/1261856	external
https://www.suse.com/security/cve/CVE-2026-34500	external
https://bugzilla.suse.com/1261857	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for tomcat11",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "This update for tomcat11 fixes the following issues:\n\nSecurity fixes:\n\n- CVE-2026-24880: Request smuggling via invalid chunk extension (bsc#1261850).\n- CVE-2026-25854: Occasionally open redirect (bsc#1261851).\n- CVE-2026-29129: TLS cipher order is not preserved (bsc#1261852).\n- CVE-2026-29145: OCSP checks sometimes soft-fail even when soft-fail is disabled (bsc#1261853).\n- CVE-2026-29146,CVE-2026-34486: Fix for allowed bypass of EncryptInterceptor (bsc#1261854).\n- CVE-2026-34483: Incomplete escaping of JSON access logs (bsc#1261855).\n- CVE-2026-34487: Cloud membership for clustering component exposed the Kubernetes bearer token (bsc#1261856).\n- CVE-2026-34500: OCSP checks sometimes soft-fail with FFM even when soft-fail is disabled (bsc#1261857).\n- CVE-2026-32990: The fix for CVE-2025-66614 was incomplete, so this CVE completes it (bsc#1258371).\n\nOther fixes:\n\n- Update to Tomcat 11.0.21\n",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "SUSE-2026-1558,SUSE-SLE-Module-Web-Scripting-15-SP7-2026-1558,SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-1558,SUSE-SLE-Product-SLES_SAP-15-SP6-2026-1558",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_1558-1.json"
      },
      {
        "category": "self",
        "summary": "URL for SUSE-SU-2026:1558-1",
        "url": "https://www.suse.com/support/update/announcement/2026/suse-su-20261558-1/"
      },
      {
        "category": "self",
        "summary": "E-Mail link for SUSE-SU-2026:1558-1",
        "url": "https://lists.suse.com/pipermail/sle-updates/2026-April/045876.html"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1258371",
        "url": "https://bugzilla.suse.com/1258371"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1261850",
        "url": "https://bugzilla.suse.com/1261850"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1261851",
        "url": "https://bugzilla.suse.com/1261851"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1261852",
        "url": "https://bugzilla.suse.com/1261852"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1261853",
        "url": "https://bugzilla.suse.com/1261853"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1261854",
        "url": "https://bugzilla.suse.com/1261854"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1261855",
        "url": "https://bugzilla.suse.com/1261855"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1261856",
        "url": "https://bugzilla.suse.com/1261856"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1261857",
        "url": "https://bugzilla.suse.com/1261857"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-66614 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-66614/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-24880 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-24880/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-25854 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-25854/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-29129 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-29129/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-29145 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-29145/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-29146 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-29146/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-32990 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-32990/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-34483 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-34483/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-34486 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-34486/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-34487 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-34487/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-34500 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-34500/"
      }
    ],
    "title": "Security update for tomcat11",
    "tracking": {
      "current_release_date": "2026-04-22T16:24:40Z",
      "generator": {
        "date": "2026-04-22T16:24:40Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "SUSE-SU-2026:1558-1",
      "initial_release_date": "2026-04-22T16:24:40Z",
      "revision_history": [
        {
          "date": "2026-04-22T16:24:40Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "tomcat11-11.0.21-150600.13.18.1.noarch",
                "product": {
                  "name": "tomcat11-11.0.21-150600.13.18.1.noarch",
                  "product_id": "tomcat11-11.0.21-150600.13.18.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "tomcat11-admin-webapps-11.0.21-150600.13.18.1.noarch",
                "product": {
                  "name": "tomcat11-admin-webapps-11.0.21-150600.13.18.1.noarch",
                  "product_id": "tomcat11-admin-webapps-11.0.21-150600.13.18.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "tomcat11-doc-11.0.21-150600.13.18.1.noarch",
                "product": {
                  "name": "tomcat11-doc-11.0.21-150600.13.18.1.noarch",
                  "product_id": "tomcat11-doc-11.0.21-150600.13.18.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "tomcat11-docs-webapp-11.0.21-150600.13.18.1.noarch",
                "product": {
                  "name": "tomcat11-docs-webapp-11.0.21-150600.13.18.1.noarch",
                  "product_id": "tomcat11-docs-webapp-11.0.21-150600.13.18.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "tomcat11-el-6_0-api-11.0.21-150600.13.18.1.noarch",
                "product": {
                  "name": "tomcat11-el-6_0-api-11.0.21-150600.13.18.1.noarch",
                  "product_id": "tomcat11-el-6_0-api-11.0.21-150600.13.18.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "tomcat11-embed-11.0.21-150600.13.18.1.noarch",
                "product": {
                  "name": "tomcat11-embed-11.0.21-150600.13.18.1.noarch",
                  "product_id": "tomcat11-embed-11.0.21-150600.13.18.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "tomcat11-jsp-4_0-api-11.0.21-150600.13.18.1.noarch",
                "product": {
                  "name": "tomcat11-jsp-4_0-api-11.0.21-150600.13.18.1.noarch",
                  "product_id": "tomcat11-jsp-4_0-api-11.0.21-150600.13.18.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "tomcat11-jsvc-11.0.21-150600.13.18.1.noarch",
                "product": {
                  "name": "tomcat11-jsvc-11.0.21-150600.13.18.1.noarch",
                  "product_id": "tomcat11-jsvc-11.0.21-150600.13.18.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "tomcat11-lib-11.0.21-150600.13.18.1.noarch",
                "product": {
                  "name": "tomcat11-lib-11.0.21-150600.13.18.1.noarch",
                  "product_id": "tomcat11-lib-11.0.21-150600.13.18.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "tomcat11-servlet-6_1-api-11.0.21-150600.13.18.1.noarch",
                "product": {
                  "name": "tomcat11-servlet-6_1-api-11.0.21-150600.13.18.1.noarch",
                  "product_id": "tomcat11-servlet-6_1-api-11.0.21-150600.13.18.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "tomcat11-webapps-11.0.21-150600.13.18.1.noarch",
                "product": {
                  "name": "tomcat11-webapps-11.0.21-150600.13.18.1.noarch",
                  "product_id": "tomcat11-webapps-11.0.21-150600.13.18.1.noarch"
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Module for Web and Scripting 15 SP7",
                "product": {
                  "name": "SUSE Linux Enterprise Module for Web and Scripting 15 SP7",
                  "product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP7",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sle-module-web-scripting:15:sp7"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server 15 SP6-LTSS",
                "product": {
                  "name": "SUSE Linux Enterprise Server 15 SP6-LTSS",
                  "product_id": "SUSE Linux Enterprise Server 15 SP6-LTSS",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sles-ltss:15:sp6"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server for SAP Applications 15 SP6",
                "product": {
                  "name": "SUSE Linux Enterprise Server for SAP Applications 15 SP6",
                  "product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP6",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sles_sap:15:sp6"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat11-11.0.21-150600.13.18.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP7",
          "product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-11.0.21-150600.13.18.1.noarch"
        },
        "product_reference": "tomcat11-11.0.21-150600.13.18.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat11-admin-webapps-11.0.21-150600.13.18.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP7",
          "product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-admin-webapps-11.0.21-150600.13.18.1.noarch"
        },
        "product_reference": "tomcat11-admin-webapps-11.0.21-150600.13.18.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat11-el-6_0-api-11.0.21-150600.13.18.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP7",
          "product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-el-6_0-api-11.0.21-150600.13.18.1.noarch"
        },
        "product_reference": "tomcat11-el-6_0-api-11.0.21-150600.13.18.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat11-jsp-4_0-api-11.0.21-150600.13.18.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP7",
          "product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-jsp-4_0-api-11.0.21-150600.13.18.1.noarch"
        },
        "product_reference": "tomcat11-jsp-4_0-api-11.0.21-150600.13.18.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat11-lib-11.0.21-150600.13.18.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP7",
          "product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-lib-11.0.21-150600.13.18.1.noarch"
        },
        "product_reference": "tomcat11-lib-11.0.21-150600.13.18.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat11-servlet-6_1-api-11.0.21-150600.13.18.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP7",
          "product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-servlet-6_1-api-11.0.21-150600.13.18.1.noarch"
        },
        "product_reference": "tomcat11-servlet-6_1-api-11.0.21-150600.13.18.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat11-webapps-11.0.21-150600.13.18.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP7",
          "product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-webapps-11.0.21-150600.13.18.1.noarch"
        },
        "product_reference": "tomcat11-webapps-11.0.21-150600.13.18.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat11-11.0.21-150600.13.18.1.noarch as component of SUSE Linux Enterprise Server 15 SP6-LTSS",
          "product_id": "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat11-11.0.21-150600.13.18.1.noarch"
        },
        "product_reference": "tomcat11-11.0.21-150600.13.18.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP6-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat11-admin-webapps-11.0.21-150600.13.18.1.noarch as component of SUSE Linux Enterprise Server 15 SP6-LTSS",
          "product_id": "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat11-admin-webapps-11.0.21-150600.13.18.1.noarch"
        },
        "product_reference": "tomcat11-admin-webapps-11.0.21-150600.13.18.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP6-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat11-el-6_0-api-11.0.21-150600.13.18.1.noarch as component of SUSE Linux Enterprise Server 15 SP6-LTSS",
          "product_id": "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat11-el-6_0-api-11.0.21-150600.13.18.1.noarch"
        },
        "product_reference": "tomcat11-el-6_0-api-11.0.21-150600.13.18.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP6-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat11-jsp-4_0-api-11.0.21-150600.13.18.1.noarch as component of SUSE Linux Enterprise Server 15 SP6-LTSS",
          "product_id": "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat11-jsp-4_0-api-11.0.21-150600.13.18.1.noarch"
        },
        "product_reference": "tomcat11-jsp-4_0-api-11.0.21-150600.13.18.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP6-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat11-lib-11.0.21-150600.13.18.1.noarch as component of SUSE Linux Enterprise Server 15 SP6-LTSS",
          "product_id": "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat11-lib-11.0.21-150600.13.18.1.noarch"
        },
        "product_reference": "tomcat11-lib-11.0.21-150600.13.18.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP6-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat11-servlet-6_1-api-11.0.21-150600.13.18.1.noarch as component of SUSE Linux Enterprise Server 15 SP6-LTSS",
          "product_id": "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat11-servlet-6_1-api-11.0.21-150600.13.18.1.noarch"
        },
        "product_reference": "tomcat11-servlet-6_1-api-11.0.21-150600.13.18.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP6-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat11-webapps-11.0.21-150600.13.18.1.noarch as component of SUSE Linux Enterprise Server 15 SP6-LTSS",
          "product_id": "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat11-webapps-11.0.21-150600.13.18.1.noarch"
        },
        "product_reference": "tomcat11-webapps-11.0.21-150600.13.18.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP6-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat11-11.0.21-150600.13.18.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP6",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat11-11.0.21-150600.13.18.1.noarch"
        },
        "product_reference": "tomcat11-11.0.21-150600.13.18.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat11-admin-webapps-11.0.21-150600.13.18.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP6",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat11-admin-webapps-11.0.21-150600.13.18.1.noarch"
        },
        "product_reference": "tomcat11-admin-webapps-11.0.21-150600.13.18.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat11-el-6_0-api-11.0.21-150600.13.18.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP6",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat11-el-6_0-api-11.0.21-150600.13.18.1.noarch"
        },
        "product_reference": "tomcat11-el-6_0-api-11.0.21-150600.13.18.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat11-jsp-4_0-api-11.0.21-150600.13.18.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP6",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat11-jsp-4_0-api-11.0.21-150600.13.18.1.noarch"
        },
        "product_reference": "tomcat11-jsp-4_0-api-11.0.21-150600.13.18.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat11-lib-11.0.21-150600.13.18.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP6",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat11-lib-11.0.21-150600.13.18.1.noarch"
        },
        "product_reference": "tomcat11-lib-11.0.21-150600.13.18.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat11-servlet-6_1-api-11.0.21-150600.13.18.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP6",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat11-servlet-6_1-api-11.0.21-150600.13.18.1.noarch"
        },
        "product_reference": "tomcat11-servlet-6_1-api-11.0.21-150600.13.18.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat11-webapps-11.0.21-150600.13.18.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP6",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat11-webapps-11.0.21-150600.13.18.1.noarch"
        },
        "product_reference": "tomcat11-webapps-11.0.21-150600.13.18.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP6"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2025-66614",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-66614"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Improper Input Validation vulnerability.\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.14, from 10.1.0-M1 through 10.1.49, from 9.0.0-M1 through 9.0.112.\n\nThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.0 through 8.5.100. Older EOL versions are not affected.\nTomcat did not validate that the host name provided via the SNI \nextension was the same as the host name provided in the HTTP host header \nfield. If Tomcat was configured with more than one virtual host and the \nTLS configuration for one of those hosts did not require client \ncertificate authentication but another one did, it was possible for a \nclient to bypass the client certificate authentication by sending \ndifferent host names in the SNI extension and the HTTP host header field.\n\n\n\nThe vulnerability only applies if client certificate authentication is \nonly enforced at the Connector. It does not apply if client certificate \nauthentication is enforced at the web application.\n\n\nUsers are recommended to upgrade to version 11.0.15 or later, 10.1.50 or later or 9.0.113 or later, which fix the issue.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-11.0.21-150600.13.18.1.noarch",
          "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-admin-webapps-11.0.21-150600.13.18.1.noarch",
          "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-el-6_0-api-11.0.21-150600.13.18.1.noarch",
          "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-jsp-4_0-api-11.0.21-150600.13.18.1.noarch",
          "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-lib-11.0.21-150600.13.18.1.noarch",
          "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-servlet-6_1-api-11.0.21-150600.13.18.1.noarch",
          "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-webapps-11.0.21-150600.13.18.1.noarch",
          "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat11-11.0.21-150600.13.18.1.noarch",
          "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat11-admin-webapps-11.0.21-150600.13.18.1.noarch",
          "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat11-el-6_0-api-11.0.21-150600.13.18.1.noarch",
          "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat11-jsp-4_0-api-11.0.21-150600.13.18.1.noarch",
          "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat11-lib-11.0.21-150600.13.18.1.noarch",
          "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat11-servlet-6_1-api-11.0.21-150600.13.18.1.noarch",
          "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat11-webapps-11.0.21-150600.13.18.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat11-11.0.21-150600.13.18.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat11-admin-webapps-11.0.21-150600.13.18.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat11-el-6_0-api-11.0.21-150600.13.18.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat11-jsp-4_0-api-11.0.21-150600.13.18.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat11-lib-11.0.21-150600.13.18.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat11-servlet-6_1-api-11.0.21-150600.13.18.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat11-webapps-11.0.21-150600.13.18.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-66614",
          "url": "https://www.suse.com/security/cve/CVE-2025-66614"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1258371 for CVE-2025-66614",
          "url": "https://bugzilla.suse.com/1258371"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-admin-webapps-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-el-6_0-api-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-jsp-4_0-api-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-lib-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-servlet-6_1-api-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-webapps-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat11-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat11-admin-webapps-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat11-el-6_0-api-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat11-jsp-4_0-api-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat11-lib-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat11-servlet-6_1-api-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat11-webapps-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat11-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat11-admin-webapps-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat11-el-6_0-api-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat11-jsp-4_0-api-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat11-lib-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat11-servlet-6_1-api-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat11-webapps-11.0.21-150600.13.18.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-admin-webapps-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-el-6_0-api-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-jsp-4_0-api-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-lib-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-servlet-6_1-api-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-webapps-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat11-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat11-admin-webapps-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat11-el-6_0-api-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat11-jsp-4_0-api-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat11-lib-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat11-servlet-6_1-api-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat11-webapps-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat11-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat11-admin-webapps-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat11-el-6_0-api-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat11-jsp-4_0-api-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat11-lib-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat11-servlet-6_1-api-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat11-webapps-11.0.21-150600.13.18.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-04-22T16:24:40Z",
          "details": "important"
        }
      ],
      "title": "CVE-2025-66614"
    },
    {
      "cve": "CVE-2026-24880",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-24880"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027) vulnerability in Apache Tomcat via invalid chunk extension.\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.18, from 10.1.0-M1 through 10.1.52, from 9.0.0.M1 through 9.0.115, from 8.5.0 through 8.5.100, from 7.0.0 through 7.0.109.\nOther, unsupported versions may also be affected.\n\nUsers are recommended to upgrade to version 11.0.20, 10.1.52 or 9.0.116, which fix the issue.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-11.0.21-150600.13.18.1.noarch",
          "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-admin-webapps-11.0.21-150600.13.18.1.noarch",
          "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-el-6_0-api-11.0.21-150600.13.18.1.noarch",
          "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-jsp-4_0-api-11.0.21-150600.13.18.1.noarch",
          "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-lib-11.0.21-150600.13.18.1.noarch",
          "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-servlet-6_1-api-11.0.21-150600.13.18.1.noarch",
          "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-webapps-11.0.21-150600.13.18.1.noarch",
          "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat11-11.0.21-150600.13.18.1.noarch",
          "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat11-admin-webapps-11.0.21-150600.13.18.1.noarch",
          "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat11-el-6_0-api-11.0.21-150600.13.18.1.noarch",
          "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat11-jsp-4_0-api-11.0.21-150600.13.18.1.noarch",
          "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat11-lib-11.0.21-150600.13.18.1.noarch",
          "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat11-servlet-6_1-api-11.0.21-150600.13.18.1.noarch",
          "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat11-webapps-11.0.21-150600.13.18.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat11-11.0.21-150600.13.18.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat11-admin-webapps-11.0.21-150600.13.18.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat11-el-6_0-api-11.0.21-150600.13.18.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat11-jsp-4_0-api-11.0.21-150600.13.18.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat11-lib-11.0.21-150600.13.18.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat11-servlet-6_1-api-11.0.21-150600.13.18.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat11-webapps-11.0.21-150600.13.18.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-24880",
          "url": "https://www.suse.com/security/cve/CVE-2026-24880"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1261850 for CVE-2026-24880",
          "url": "https://bugzilla.suse.com/1261850"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-admin-webapps-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-el-6_0-api-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-jsp-4_0-api-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-lib-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-servlet-6_1-api-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-webapps-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat11-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat11-admin-webapps-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat11-el-6_0-api-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat11-jsp-4_0-api-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat11-lib-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat11-servlet-6_1-api-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat11-webapps-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat11-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat11-admin-webapps-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat11-el-6_0-api-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat11-jsp-4_0-api-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat11-lib-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat11-servlet-6_1-api-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat11-webapps-11.0.21-150600.13.18.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.8,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-admin-webapps-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-el-6_0-api-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-jsp-4_0-api-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-lib-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-servlet-6_1-api-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-webapps-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat11-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat11-admin-webapps-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat11-el-6_0-api-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat11-jsp-4_0-api-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat11-lib-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat11-servlet-6_1-api-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat11-webapps-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat11-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat11-admin-webapps-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat11-el-6_0-api-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat11-jsp-4_0-api-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat11-lib-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat11-servlet-6_1-api-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat11-webapps-11.0.21-150600.13.18.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-04-22T16:24:40Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2026-24880"
    },
    {
      "cve": "CVE-2026-25854",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-25854"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Occasional URL redirection to untrusted Site (\u0027Open Redirect\u0027) vulnerability in Apache Tomcat via the LoadBalancerDrainingValve.\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.18, from 10.1.0-M1 through 10.1.52, from 9.0.0.M23 through 9.0.115, from 8.5.30 through 8.5.100.\nOther, unsupported versions may also be affected\n\nUsers are recommended to upgrade to version 11.0.20, 10.1.53 or 9.0.116, which fix the issue.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-11.0.21-150600.13.18.1.noarch",
          "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-admin-webapps-11.0.21-150600.13.18.1.noarch",
          "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-el-6_0-api-11.0.21-150600.13.18.1.noarch",
          "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-jsp-4_0-api-11.0.21-150600.13.18.1.noarch",
          "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-lib-11.0.21-150600.13.18.1.noarch",
          "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-servlet-6_1-api-11.0.21-150600.13.18.1.noarch",
          "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-webapps-11.0.21-150600.13.18.1.noarch",
          "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat11-11.0.21-150600.13.18.1.noarch",
          "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat11-admin-webapps-11.0.21-150600.13.18.1.noarch",
          "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat11-el-6_0-api-11.0.21-150600.13.18.1.noarch",
          "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat11-jsp-4_0-api-11.0.21-150600.13.18.1.noarch",
          "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat11-lib-11.0.21-150600.13.18.1.noarch",
          "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat11-servlet-6_1-api-11.0.21-150600.13.18.1.noarch",
          "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat11-webapps-11.0.21-150600.13.18.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat11-11.0.21-150600.13.18.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat11-admin-webapps-11.0.21-150600.13.18.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat11-el-6_0-api-11.0.21-150600.13.18.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat11-jsp-4_0-api-11.0.21-150600.13.18.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat11-lib-11.0.21-150600.13.18.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat11-servlet-6_1-api-11.0.21-150600.13.18.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat11-webapps-11.0.21-150600.13.18.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-25854",
          "url": "https://www.suse.com/security/cve/CVE-2026-25854"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1261851 for CVE-2026-25854",
          "url": "https://bugzilla.suse.com/1261851"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-admin-webapps-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-el-6_0-api-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-jsp-4_0-api-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-lib-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-servlet-6_1-api-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-webapps-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat11-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat11-admin-webapps-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat11-el-6_0-api-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat11-jsp-4_0-api-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat11-lib-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat11-servlet-6_1-api-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat11-webapps-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat11-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat11-admin-webapps-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat11-el-6_0-api-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat11-jsp-4_0-api-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat11-lib-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat11-servlet-6_1-api-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat11-webapps-11.0.21-150600.13.18.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.8,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-admin-webapps-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-el-6_0-api-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-jsp-4_0-api-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-lib-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-servlet-6_1-api-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-webapps-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat11-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat11-admin-webapps-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat11-el-6_0-api-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat11-jsp-4_0-api-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat11-lib-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat11-servlet-6_1-api-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat11-webapps-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat11-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat11-admin-webapps-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat11-el-6_0-api-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat11-jsp-4_0-api-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat11-lib-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat11-servlet-6_1-api-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat11-webapps-11.0.21-150600.13.18.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-04-22T16:24:40Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2026-25854"
    },
    {
      "cve": "CVE-2026-29129",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-29129"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Configured cipher preference order not preserved vulnerability in Apache Tomcat.\n\nThis issue affects Apache Tomcat: from 11.0.16 through 11.0.18, from 10.1.51 through 10.1.52, from 9.0.114 through 9.0.115.\n\nUsers are recommended to upgrade to version 11.0.20, 10.1.53 or 9.0.116, which fix the issue.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-11.0.21-150600.13.18.1.noarch",
          "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-admin-webapps-11.0.21-150600.13.18.1.noarch",
          "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-el-6_0-api-11.0.21-150600.13.18.1.noarch",
          "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-jsp-4_0-api-11.0.21-150600.13.18.1.noarch",
          "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-lib-11.0.21-150600.13.18.1.noarch",
          "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-servlet-6_1-api-11.0.21-150600.13.18.1.noarch",
          "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-webapps-11.0.21-150600.13.18.1.noarch",
          "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat11-11.0.21-150600.13.18.1.noarch",
          "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat11-admin-webapps-11.0.21-150600.13.18.1.noarch",
          "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat11-el-6_0-api-11.0.21-150600.13.18.1.noarch",
          "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat11-jsp-4_0-api-11.0.21-150600.13.18.1.noarch",
          "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat11-lib-11.0.21-150600.13.18.1.noarch",
          "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat11-servlet-6_1-api-11.0.21-150600.13.18.1.noarch",
          "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat11-webapps-11.0.21-150600.13.18.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat11-11.0.21-150600.13.18.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat11-admin-webapps-11.0.21-150600.13.18.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat11-el-6_0-api-11.0.21-150600.13.18.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat11-jsp-4_0-api-11.0.21-150600.13.18.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat11-lib-11.0.21-150600.13.18.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat11-servlet-6_1-api-11.0.21-150600.13.18.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat11-webapps-11.0.21-150600.13.18.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-29129",
          "url": "https://www.suse.com/security/cve/CVE-2026-29129"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1261852 for CVE-2026-29129",
          "url": "https://bugzilla.suse.com/1261852"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-admin-webapps-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-el-6_0-api-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-jsp-4_0-api-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-lib-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-servlet-6_1-api-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-webapps-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat11-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat11-admin-webapps-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat11-el-6_0-api-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat11-jsp-4_0-api-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat11-lib-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat11-servlet-6_1-api-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat11-webapps-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat11-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat11-admin-webapps-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat11-el-6_0-api-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat11-jsp-4_0-api-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat11-lib-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat11-servlet-6_1-api-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat11-webapps-11.0.21-150600.13.18.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.8,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-admin-webapps-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-el-6_0-api-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-jsp-4_0-api-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-lib-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-servlet-6_1-api-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-webapps-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat11-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat11-admin-webapps-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat11-el-6_0-api-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat11-jsp-4_0-api-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat11-lib-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat11-servlet-6_1-api-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat11-webapps-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat11-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat11-admin-webapps-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat11-el-6_0-api-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat11-jsp-4_0-api-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat11-lib-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat11-servlet-6_1-api-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat11-webapps-11.0.21-150600.13.18.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-04-22T16:24:40Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2026-29129"
    },
    {
      "cve": "CVE-2026-29145",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-29145"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "CLIENT_CERT authentication does not fail as expected for some scenarios when soft fail is disabled vulnerability in Apache Tomcat, Apache Tomcat Native.\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.18, from 10.1.0-M7 through 10.1.52, from 9.0.83 through 9.0.115; Apache Tomcat Native: from 1.1.23 through 1.1.34, from 1.2.0 through 1.2.39, from 1.3.0 through 1.3.6, from 2.0.0 through 2.0.13.\n\nUsers are recommended to upgrade to version Tomcat Native 1.3.7 or 2.0.14 and Tomcat 11.0.20, 10.1.53 and 9.0.116, which fix the issue.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-11.0.21-150600.13.18.1.noarch",
          "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-admin-webapps-11.0.21-150600.13.18.1.noarch",
          "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-el-6_0-api-11.0.21-150600.13.18.1.noarch",
          "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-jsp-4_0-api-11.0.21-150600.13.18.1.noarch",
          "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-lib-11.0.21-150600.13.18.1.noarch",
          "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-servlet-6_1-api-11.0.21-150600.13.18.1.noarch",
          "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-webapps-11.0.21-150600.13.18.1.noarch",
          "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat11-11.0.21-150600.13.18.1.noarch",
          "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat11-admin-webapps-11.0.21-150600.13.18.1.noarch",
          "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat11-el-6_0-api-11.0.21-150600.13.18.1.noarch",
          "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat11-jsp-4_0-api-11.0.21-150600.13.18.1.noarch",
          "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat11-lib-11.0.21-150600.13.18.1.noarch",
          "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat11-servlet-6_1-api-11.0.21-150600.13.18.1.noarch",
          "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat11-webapps-11.0.21-150600.13.18.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat11-11.0.21-150600.13.18.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat11-admin-webapps-11.0.21-150600.13.18.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat11-el-6_0-api-11.0.21-150600.13.18.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat11-jsp-4_0-api-11.0.21-150600.13.18.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat11-lib-11.0.21-150600.13.18.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat11-servlet-6_1-api-11.0.21-150600.13.18.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat11-webapps-11.0.21-150600.13.18.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-29145",
          "url": "https://www.suse.com/security/cve/CVE-2026-29145"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1261853 for CVE-2026-29145",
          "url": "https://bugzilla.suse.com/1261853"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-admin-webapps-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-el-6_0-api-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-jsp-4_0-api-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-lib-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-servlet-6_1-api-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-webapps-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat11-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat11-admin-webapps-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat11-el-6_0-api-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat11-jsp-4_0-api-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat11-lib-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat11-servlet-6_1-api-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat11-webapps-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat11-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat11-admin-webapps-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat11-el-6_0-api-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat11-jsp-4_0-api-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat11-lib-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat11-servlet-6_1-api-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat11-webapps-11.0.21-150600.13.18.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.8,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-admin-webapps-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-el-6_0-api-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-jsp-4_0-api-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-lib-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-servlet-6_1-api-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-webapps-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat11-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat11-admin-webapps-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat11-el-6_0-api-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat11-jsp-4_0-api-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat11-lib-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat11-servlet-6_1-api-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat11-webapps-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat11-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat11-admin-webapps-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat11-el-6_0-api-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat11-jsp-4_0-api-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat11-lib-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat11-servlet-6_1-api-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat11-webapps-11.0.21-150600.13.18.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-04-22T16:24:40Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2026-29145"
    },
    {
      "cve": "CVE-2026-29146",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-29146"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Padding Oracle vulnerability in Apache Tomcat\u0027s EncryptInterceptor with default configuration.\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.18, from 10.0.0-M1 through 10.1.52, from 9.0.13 through 9..115, from 8.5.38 through 8.5.100, from 7.0.100 through 7.0.109.\n\nUsers are recommended to upgrade to version 11.0.19, 10.1.53 and 9.0.116, which fixes the issue.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-11.0.21-150600.13.18.1.noarch",
          "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-admin-webapps-11.0.21-150600.13.18.1.noarch",
          "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-el-6_0-api-11.0.21-150600.13.18.1.noarch",
          "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-jsp-4_0-api-11.0.21-150600.13.18.1.noarch",
          "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-lib-11.0.21-150600.13.18.1.noarch",
          "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-servlet-6_1-api-11.0.21-150600.13.18.1.noarch",
          "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-webapps-11.0.21-150600.13.18.1.noarch",
          "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat11-11.0.21-150600.13.18.1.noarch",
          "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat11-admin-webapps-11.0.21-150600.13.18.1.noarch",
          "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat11-el-6_0-api-11.0.21-150600.13.18.1.noarch",
          "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat11-jsp-4_0-api-11.0.21-150600.13.18.1.noarch",
          "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat11-lib-11.0.21-150600.13.18.1.noarch",
          "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat11-servlet-6_1-api-11.0.21-150600.13.18.1.noarch",
          "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat11-webapps-11.0.21-150600.13.18.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat11-11.0.21-150600.13.18.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat11-admin-webapps-11.0.21-150600.13.18.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat11-el-6_0-api-11.0.21-150600.13.18.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat11-jsp-4_0-api-11.0.21-150600.13.18.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat11-lib-11.0.21-150600.13.18.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat11-servlet-6_1-api-11.0.21-150600.13.18.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat11-webapps-11.0.21-150600.13.18.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-29146",
          "url": "https://www.suse.com/security/cve/CVE-2026-29146"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1261854 for CVE-2026-29146",
          "url": "https://bugzilla.suse.com/1261854"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-admin-webapps-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-el-6_0-api-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-jsp-4_0-api-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-lib-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-servlet-6_1-api-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-webapps-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat11-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat11-admin-webapps-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat11-el-6_0-api-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat11-jsp-4_0-api-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat11-lib-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat11-servlet-6_1-api-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat11-webapps-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat11-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat11-admin-webapps-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat11-el-6_0-api-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat11-jsp-4_0-api-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat11-lib-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat11-servlet-6_1-api-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat11-webapps-11.0.21-150600.13.18.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-admin-webapps-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-el-6_0-api-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-jsp-4_0-api-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-lib-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-servlet-6_1-api-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-webapps-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat11-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat11-admin-webapps-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat11-el-6_0-api-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat11-jsp-4_0-api-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat11-lib-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat11-servlet-6_1-api-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat11-webapps-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat11-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat11-admin-webapps-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat11-el-6_0-api-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat11-jsp-4_0-api-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat11-lib-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat11-servlet-6_1-api-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat11-webapps-11.0.21-150600.13.18.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-04-22T16:24:40Z",
          "details": "important"
        }
      ],
      "title": "CVE-2026-29146"
    },
    {
      "cve": "CVE-2026-32990",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-32990"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Improper Input Validation vulnerability in Apache Tomcat due to an incomplete fix of CVE-2025-66614.\n\nThis issue affects Apache Tomcat: from 11.0.15 through 11.0.19, from 10.1.50 through 10.1.52, from 9.0.113 through 9.0.115.\n\nUsers are recommended to upgrade to version 11.0.20, 10.1.53 or 9.0.116, which fix the issue.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-11.0.21-150600.13.18.1.noarch",
          "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-admin-webapps-11.0.21-150600.13.18.1.noarch",
          "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-el-6_0-api-11.0.21-150600.13.18.1.noarch",
          "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-jsp-4_0-api-11.0.21-150600.13.18.1.noarch",
          "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-lib-11.0.21-150600.13.18.1.noarch",
          "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-servlet-6_1-api-11.0.21-150600.13.18.1.noarch",
          "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-webapps-11.0.21-150600.13.18.1.noarch",
          "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat11-11.0.21-150600.13.18.1.noarch",
          "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat11-admin-webapps-11.0.21-150600.13.18.1.noarch",
          "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat11-el-6_0-api-11.0.21-150600.13.18.1.noarch",
          "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat11-jsp-4_0-api-11.0.21-150600.13.18.1.noarch",
          "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat11-lib-11.0.21-150600.13.18.1.noarch",
          "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat11-servlet-6_1-api-11.0.21-150600.13.18.1.noarch",
          "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat11-webapps-11.0.21-150600.13.18.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat11-11.0.21-150600.13.18.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat11-admin-webapps-11.0.21-150600.13.18.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat11-el-6_0-api-11.0.21-150600.13.18.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat11-jsp-4_0-api-11.0.21-150600.13.18.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat11-lib-11.0.21-150600.13.18.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat11-servlet-6_1-api-11.0.21-150600.13.18.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat11-webapps-11.0.21-150600.13.18.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-32990",
          "url": "https://www.suse.com/security/cve/CVE-2026-32990"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1258371 for CVE-2026-32990",
          "url": "https://bugzilla.suse.com/1258371"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-admin-webapps-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-el-6_0-api-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-jsp-4_0-api-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-lib-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-servlet-6_1-api-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-webapps-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat11-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat11-admin-webapps-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat11-el-6_0-api-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat11-jsp-4_0-api-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat11-lib-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat11-servlet-6_1-api-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat11-webapps-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat11-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat11-admin-webapps-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat11-el-6_0-api-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat11-jsp-4_0-api-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat11-lib-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat11-servlet-6_1-api-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat11-webapps-11.0.21-150600.13.18.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-04-22T16:24:40Z",
          "details": "important"
        }
      ],
      "title": "CVE-2026-32990"
    },
    {
      "cve": "CVE-2026-34483",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-34483"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Improper Encoding or Escaping of Output vulnerability in the JsonAccessLogValve component of Apache Tomcat.\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.20, from 10.1.0-M1 through 10.1.53, from 9.0.40 through 9.0.116.\n\nUsers are recommended to upgrade to version 11.0.21, 10.1.54 or 9.0.117 , which fix the issue.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-11.0.21-150600.13.18.1.noarch",
          "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-admin-webapps-11.0.21-150600.13.18.1.noarch",
          "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-el-6_0-api-11.0.21-150600.13.18.1.noarch",
          "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-jsp-4_0-api-11.0.21-150600.13.18.1.noarch",
          "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-lib-11.0.21-150600.13.18.1.noarch",
          "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-servlet-6_1-api-11.0.21-150600.13.18.1.noarch",
          "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-webapps-11.0.21-150600.13.18.1.noarch",
          "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat11-11.0.21-150600.13.18.1.noarch",
          "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat11-admin-webapps-11.0.21-150600.13.18.1.noarch",
          "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat11-el-6_0-api-11.0.21-150600.13.18.1.noarch",
          "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat11-jsp-4_0-api-11.0.21-150600.13.18.1.noarch",
          "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat11-lib-11.0.21-150600.13.18.1.noarch",
          "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat11-servlet-6_1-api-11.0.21-150600.13.18.1.noarch",
          "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat11-webapps-11.0.21-150600.13.18.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat11-11.0.21-150600.13.18.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat11-admin-webapps-11.0.21-150600.13.18.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat11-el-6_0-api-11.0.21-150600.13.18.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat11-jsp-4_0-api-11.0.21-150600.13.18.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat11-lib-11.0.21-150600.13.18.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat11-servlet-6_1-api-11.0.21-150600.13.18.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat11-webapps-11.0.21-150600.13.18.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-34483",
          "url": "https://www.suse.com/security/cve/CVE-2026-34483"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1261855 for CVE-2026-34483",
          "url": "https://bugzilla.suse.com/1261855"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-admin-webapps-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-el-6_0-api-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-jsp-4_0-api-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-lib-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-servlet-6_1-api-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-webapps-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat11-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat11-admin-webapps-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat11-el-6_0-api-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat11-jsp-4_0-api-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat11-lib-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat11-servlet-6_1-api-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat11-webapps-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat11-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat11-admin-webapps-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat11-el-6_0-api-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat11-jsp-4_0-api-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat11-lib-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat11-servlet-6_1-api-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat11-webapps-11.0.21-150600.13.18.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.8,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-admin-webapps-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-el-6_0-api-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-jsp-4_0-api-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-lib-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-servlet-6_1-api-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-webapps-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat11-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat11-admin-webapps-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat11-el-6_0-api-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat11-jsp-4_0-api-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat11-lib-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat11-servlet-6_1-api-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat11-webapps-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat11-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat11-admin-webapps-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat11-el-6_0-api-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat11-jsp-4_0-api-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat11-lib-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat11-servlet-6_1-api-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat11-webapps-11.0.21-150600.13.18.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-04-22T16:24:40Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2026-34483"
    },
    {
      "cve": "CVE-2026-34486",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-34486"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Missing Encryption of Sensitive Data vulnerability in Apache Tomcat due to the  fix for CVE-2026-29146 allowing the bypass of the EncryptInterceptor.\n\nThis issue affects Apache Tomcat: 11.0.20, 10.1.53, 9.0.116.\n\nUsers are recommended to upgrade to version 11.0.21, 10.1.54 or 9.0.117, which fix the issue.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-11.0.21-150600.13.18.1.noarch",
          "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-admin-webapps-11.0.21-150600.13.18.1.noarch",
          "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-el-6_0-api-11.0.21-150600.13.18.1.noarch",
          "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-jsp-4_0-api-11.0.21-150600.13.18.1.noarch",
          "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-lib-11.0.21-150600.13.18.1.noarch",
          "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-servlet-6_1-api-11.0.21-150600.13.18.1.noarch",
          "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-webapps-11.0.21-150600.13.18.1.noarch",
          "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat11-11.0.21-150600.13.18.1.noarch",
          "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat11-admin-webapps-11.0.21-150600.13.18.1.noarch",
          "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat11-el-6_0-api-11.0.21-150600.13.18.1.noarch",
          "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat11-jsp-4_0-api-11.0.21-150600.13.18.1.noarch",
          "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat11-lib-11.0.21-150600.13.18.1.noarch",
          "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat11-servlet-6_1-api-11.0.21-150600.13.18.1.noarch",
          "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat11-webapps-11.0.21-150600.13.18.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat11-11.0.21-150600.13.18.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat11-admin-webapps-11.0.21-150600.13.18.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat11-el-6_0-api-11.0.21-150600.13.18.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat11-jsp-4_0-api-11.0.21-150600.13.18.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat11-lib-11.0.21-150600.13.18.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat11-servlet-6_1-api-11.0.21-150600.13.18.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat11-webapps-11.0.21-150600.13.18.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-34486",
          "url": "https://www.suse.com/security/cve/CVE-2026-34486"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1261854 for CVE-2026-34486",
          "url": "https://bugzilla.suse.com/1261854"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-admin-webapps-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-el-6_0-api-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-jsp-4_0-api-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-lib-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-servlet-6_1-api-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-webapps-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat11-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat11-admin-webapps-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat11-el-6_0-api-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat11-jsp-4_0-api-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat11-lib-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat11-servlet-6_1-api-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat11-webapps-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat11-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat11-admin-webapps-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat11-el-6_0-api-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat11-jsp-4_0-api-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat11-lib-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat11-servlet-6_1-api-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat11-webapps-11.0.21-150600.13.18.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-admin-webapps-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-el-6_0-api-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-jsp-4_0-api-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-lib-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-servlet-6_1-api-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-webapps-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat11-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat11-admin-webapps-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat11-el-6_0-api-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat11-jsp-4_0-api-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat11-lib-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat11-servlet-6_1-api-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat11-webapps-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat11-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat11-admin-webapps-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat11-el-6_0-api-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat11-jsp-4_0-api-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat11-lib-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat11-servlet-6_1-api-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat11-webapps-11.0.21-150600.13.18.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-04-22T16:24:40Z",
          "details": "important"
        }
      ],
      "title": "CVE-2026-34486"
    },
    {
      "cve": "CVE-2026-34487",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-34487"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Insertion of Sensitive Information into Log File vulnerability in the cloud membership for clustering component of Apache Tomcat exposed the Kubernetes bearer token.\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.20, from 10.1.0-M1 through 10.1.53, from 9.0.13 through 9.0.116.\n\nUsers are recommended to upgrade to version 11.0.21, 10.1.54 or 9.0.117, which fix the issue.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-11.0.21-150600.13.18.1.noarch",
          "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-admin-webapps-11.0.21-150600.13.18.1.noarch",
          "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-el-6_0-api-11.0.21-150600.13.18.1.noarch",
          "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-jsp-4_0-api-11.0.21-150600.13.18.1.noarch",
          "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-lib-11.0.21-150600.13.18.1.noarch",
          "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-servlet-6_1-api-11.0.21-150600.13.18.1.noarch",
          "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-webapps-11.0.21-150600.13.18.1.noarch",
          "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat11-11.0.21-150600.13.18.1.noarch",
          "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat11-admin-webapps-11.0.21-150600.13.18.1.noarch",
          "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat11-el-6_0-api-11.0.21-150600.13.18.1.noarch",
          "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat11-jsp-4_0-api-11.0.21-150600.13.18.1.noarch",
          "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat11-lib-11.0.21-150600.13.18.1.noarch",
          "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat11-servlet-6_1-api-11.0.21-150600.13.18.1.noarch",
          "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat11-webapps-11.0.21-150600.13.18.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat11-11.0.21-150600.13.18.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat11-admin-webapps-11.0.21-150600.13.18.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat11-el-6_0-api-11.0.21-150600.13.18.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat11-jsp-4_0-api-11.0.21-150600.13.18.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat11-lib-11.0.21-150600.13.18.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat11-servlet-6_1-api-11.0.21-150600.13.18.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat11-webapps-11.0.21-150600.13.18.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-34487",
          "url": "https://www.suse.com/security/cve/CVE-2026-34487"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1261856 for CVE-2026-34487",
          "url": "https://bugzilla.suse.com/1261856"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-admin-webapps-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-el-6_0-api-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-jsp-4_0-api-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-lib-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-servlet-6_1-api-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-webapps-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat11-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat11-admin-webapps-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat11-el-6_0-api-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat11-jsp-4_0-api-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat11-lib-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat11-servlet-6_1-api-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat11-webapps-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat11-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat11-admin-webapps-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat11-el-6_0-api-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat11-jsp-4_0-api-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat11-lib-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat11-servlet-6_1-api-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat11-webapps-11.0.21-150600.13.18.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-admin-webapps-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-el-6_0-api-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-jsp-4_0-api-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-lib-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-servlet-6_1-api-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-webapps-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat11-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat11-admin-webapps-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat11-el-6_0-api-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat11-jsp-4_0-api-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat11-lib-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat11-servlet-6_1-api-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat11-webapps-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat11-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat11-admin-webapps-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat11-el-6_0-api-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat11-jsp-4_0-api-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat11-lib-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat11-servlet-6_1-api-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat11-webapps-11.0.21-150600.13.18.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-04-22T16:24:40Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2026-34487"
    },
    {
      "cve": "CVE-2026-34500",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-34500"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "CLIENT_CERT authentication does not fail as expected for some scenarios when soft fail is disabled and FFM is used in Apache Tomcat.\n\nThis issue affects Apache Tomcat: from 11.0.0-M14 through 11.0.20, from 10.1.22 through 10.1.53, from 9.0.92 through 9.0.116.\n\nUsers are recommended to upgrade to version 11.0.21, 10.1.54 or 9.0.117, which fixes the issue.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-11.0.21-150600.13.18.1.noarch",
          "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-admin-webapps-11.0.21-150600.13.18.1.noarch",
          "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-el-6_0-api-11.0.21-150600.13.18.1.noarch",
          "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-jsp-4_0-api-11.0.21-150600.13.18.1.noarch",
          "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-lib-11.0.21-150600.13.18.1.noarch",
          "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-servlet-6_1-api-11.0.21-150600.13.18.1.noarch",
          "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-webapps-11.0.21-150600.13.18.1.noarch",
          "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat11-11.0.21-150600.13.18.1.noarch",
          "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat11-admin-webapps-11.0.21-150600.13.18.1.noarch",
          "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat11-el-6_0-api-11.0.21-150600.13.18.1.noarch",
          "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat11-jsp-4_0-api-11.0.21-150600.13.18.1.noarch",
          "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat11-lib-11.0.21-150600.13.18.1.noarch",
          "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat11-servlet-6_1-api-11.0.21-150600.13.18.1.noarch",
          "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat11-webapps-11.0.21-150600.13.18.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat11-11.0.21-150600.13.18.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat11-admin-webapps-11.0.21-150600.13.18.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat11-el-6_0-api-11.0.21-150600.13.18.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat11-jsp-4_0-api-11.0.21-150600.13.18.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat11-lib-11.0.21-150600.13.18.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat11-servlet-6_1-api-11.0.21-150600.13.18.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat11-webapps-11.0.21-150600.13.18.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-34500",
          "url": "https://www.suse.com/security/cve/CVE-2026-34500"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1261857 for CVE-2026-34500",
          "url": "https://bugzilla.suse.com/1261857"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-admin-webapps-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-el-6_0-api-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-jsp-4_0-api-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-lib-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-servlet-6_1-api-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-webapps-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat11-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat11-admin-webapps-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat11-el-6_0-api-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat11-jsp-4_0-api-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat11-lib-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat11-servlet-6_1-api-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat11-webapps-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat11-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat11-admin-webapps-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat11-el-6_0-api-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat11-jsp-4_0-api-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat11-lib-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat11-servlet-6_1-api-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat11-webapps-11.0.21-150600.13.18.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.8,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-admin-webapps-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-el-6_0-api-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-jsp-4_0-api-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-lib-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-servlet-6_1-api-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat11-webapps-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat11-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat11-admin-webapps-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat11-el-6_0-api-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat11-jsp-4_0-api-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat11-lib-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat11-servlet-6_1-api-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat11-webapps-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat11-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat11-admin-webapps-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat11-el-6_0-api-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat11-jsp-4_0-api-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat11-lib-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat11-servlet-6_1-api-11.0.21-150600.13.18.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat11-webapps-11.0.21-150600.13.18.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-04-22T16:24:40Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2026-34500"
    }
  ]
}

SUSE-SU-2026:1572-1

Vulnerability from csaf_suse - Published: 2026-04-23 15:52 - Updated: 2026-04-23 15:52

Summary

Security update for tomcat

Severity

Important

Notes

Title of the patch: Security update for tomcat

Description of the patch: This update for tomcat fixes the following issues: Security fixes: - CVE-2026-24880: Request smuggling via invalid chunk extension (bsc#1261850). - CVE-2026-25854: Occasionally open redirect (bsc#1261851). - CVE-2026-29129: TLS cipher order is not preserved (bsc#1261852). - CVE-2026-29145: OCSP checks sometimes soft-fail even when soft-fail is disabled (bsc#1261853). - CVE-2026-29146,CVE-2026-34486: Fix for allowed bypass of EncryptInterceptor (bsc#1261854). - CVE-2026-34483: Incomplete escaping of JSON access logs (bsc#1261855). - CVE-2026-34487: Cloud membership for clustering component exposed the Kubernetes bearer token (bsc#1261856). - CVE-2026-34500: OCSP checks sometimes soft-fail with FFM even when soft-fail is disabled (bsc#1261857). - CVE-2026-32990: The fix for CVE-2025-66614 was incomplete, so this CVE completes it (bsc#1258371). Other fixes: - Update to Tomcat 9.0.117

Patchnames: SUSE-2026-1572,SUSE-SLE-SERVER-12-SP5-LTSS-2026-1572,SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2026-1572

CVE-2025-66614

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Affected products

Recommended 18 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.117-3.163.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.117-3.163.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.117-3.163.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.117-3.163.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.117-3.163.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.117-3.163.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.117-3.163.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.117-3.163.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.117-3.163.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.117-3.163.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.117-3.163.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.117-3.163.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.117-3.163.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.117-3.163.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.117-3.163.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.117-3.163.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.117-3.163.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.117-3.163.2.noarch	—	Vendor Fix

Threats

Impact important

CVE-2026-24880

4.8 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

Affected products

Recommended 18 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.117-3.163.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.117-3.163.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.117-3.163.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.117-3.163.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.117-3.163.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.117-3.163.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.117-3.163.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.117-3.163.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.117-3.163.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.117-3.163.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.117-3.163.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.117-3.163.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.117-3.163.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.117-3.163.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.117-3.163.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.117-3.163.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.117-3.163.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.117-3.163.2.noarch	—	Vendor Fix

Threats

Impact moderate

CVE-2026-25854

4.8 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

Affected products

Recommended 18 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.117-3.163.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.117-3.163.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.117-3.163.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.117-3.163.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.117-3.163.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.117-3.163.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.117-3.163.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.117-3.163.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.117-3.163.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.117-3.163.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.117-3.163.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.117-3.163.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.117-3.163.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.117-3.163.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.117-3.163.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.117-3.163.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.117-3.163.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.117-3.163.2.noarch	—	Vendor Fix

Threats

Impact moderate

CVE-2026-29129

4.8 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

Affected products

Recommended 18 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.117-3.163.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.117-3.163.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.117-3.163.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.117-3.163.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.117-3.163.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.117-3.163.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.117-3.163.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.117-3.163.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.117-3.163.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.117-3.163.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.117-3.163.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.117-3.163.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.117-3.163.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.117-3.163.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.117-3.163.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.117-3.163.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.117-3.163.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.117-3.163.2.noarch	—	Vendor Fix

Threats

Impact moderate

CVE-2026-29145

4.8 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

Affected products

Recommended 18 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.117-3.163.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.117-3.163.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.117-3.163.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.117-3.163.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.117-3.163.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.117-3.163.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.117-3.163.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.117-3.163.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.117-3.163.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.117-3.163.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.117-3.163.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.117-3.163.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.117-3.163.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.117-3.163.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.117-3.163.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.117-3.163.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.117-3.163.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.117-3.163.2.noarch	—	Vendor Fix

Threats

Impact moderate

CVE-2026-29146

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Affected products

Recommended 18 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.117-3.163.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.117-3.163.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.117-3.163.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.117-3.163.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.117-3.163.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.117-3.163.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.117-3.163.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.117-3.163.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.117-3.163.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.117-3.163.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.117-3.163.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.117-3.163.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.117-3.163.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.117-3.163.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.117-3.163.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.117-3.163.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.117-3.163.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.117-3.163.2.noarch	—	Vendor Fix

Threats

Impact important

CVE-2026-32990

Affected products

Recommended 18 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.117-3.163.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.117-3.163.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.117-3.163.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.117-3.163.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.117-3.163.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.117-3.163.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.117-3.163.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.117-3.163.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.117-3.163.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.117-3.163.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.117-3.163.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.117-3.163.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.117-3.163.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.117-3.163.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.117-3.163.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.117-3.163.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.117-3.163.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.117-3.163.2.noarch	—	Vendor Fix

Threats

Impact important

CVE-2026-34483

4.8 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

Affected products

Recommended 18 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.117-3.163.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.117-3.163.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.117-3.163.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.117-3.163.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.117-3.163.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.117-3.163.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.117-3.163.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.117-3.163.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.117-3.163.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.117-3.163.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.117-3.163.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.117-3.163.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.117-3.163.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.117-3.163.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.117-3.163.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.117-3.163.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.117-3.163.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.117-3.163.2.noarch	—	Vendor Fix

Threats

Impact moderate

CVE-2026-34486

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Affected products

Recommended 18 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.117-3.163.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.117-3.163.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.117-3.163.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.117-3.163.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.117-3.163.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.117-3.163.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.117-3.163.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.117-3.163.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.117-3.163.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.117-3.163.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.117-3.163.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.117-3.163.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.117-3.163.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.117-3.163.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.117-3.163.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.117-3.163.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.117-3.163.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.117-3.163.2.noarch	—	Vendor Fix

Threats

Impact important

CVE-2026-34487

5.9 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Affected products

Recommended 18 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.117-3.163.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.117-3.163.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.117-3.163.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.117-3.163.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.117-3.163.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.117-3.163.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.117-3.163.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.117-3.163.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.117-3.163.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.117-3.163.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.117-3.163.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.117-3.163.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.117-3.163.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.117-3.163.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.117-3.163.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.117-3.163.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.117-3.163.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.117-3.163.2.noarch	—	Vendor Fix

Threats

Impact moderate

CVE-2026-34500

4.8 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

Affected products

Recommended 18 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.117-3.163.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.117-3.163.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.117-3.163.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.117-3.163.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.117-3.163.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.117-3.163.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.117-3.163.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.117-3.163.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.117-3.163.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.117-3.163.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.117-3.163.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.117-3.163.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.117-3.163.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.117-3.163.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.117-3.163.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.117-3.163.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.117-3.163.2.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.117-3.163.2.noarch	—	Vendor Fix

Threats

Impact moderate

References

46 references

URL	Category
https://www.suse.com/support/security/rating/	external
https://ftp.suse.com/pub/projects/security/csaf/s…	self
https://www.suse.com/support/update/announcement/…	self
https://lists.suse.com/pipermail/sle-updates/2026…	self
https://bugzilla.suse.com/1258371	self
https://bugzilla.suse.com/1261850	self
https://bugzilla.suse.com/1261851	self
https://bugzilla.suse.com/1261852	self
https://bugzilla.suse.com/1261853	self
https://bugzilla.suse.com/1261854	self
https://bugzilla.suse.com/1261855	self
https://bugzilla.suse.com/1261856	self
https://bugzilla.suse.com/1261857	self
https://www.suse.com/security/cve/CVE-2025-66614/	self
https://www.suse.com/security/cve/CVE-2026-24880/	self
https://www.suse.com/security/cve/CVE-2026-25854/	self
https://www.suse.com/security/cve/CVE-2026-29129/	self
https://www.suse.com/security/cve/CVE-2026-29145/	self
https://www.suse.com/security/cve/CVE-2026-29146/	self
https://www.suse.com/security/cve/CVE-2026-32990/	self
https://www.suse.com/security/cve/CVE-2026-34483/	self
https://www.suse.com/security/cve/CVE-2026-34486/	self
https://www.suse.com/security/cve/CVE-2026-34487/	self
https://www.suse.com/security/cve/CVE-2026-34500/	self
https://www.suse.com/security/cve/CVE-2025-66614	external
https://bugzilla.suse.com/1258371	external
https://www.suse.com/security/cve/CVE-2026-24880	external
https://bugzilla.suse.com/1261850	external
https://www.suse.com/security/cve/CVE-2026-25854	external
https://bugzilla.suse.com/1261851	external
https://www.suse.com/security/cve/CVE-2026-29129	external
https://bugzilla.suse.com/1261852	external
https://www.suse.com/security/cve/CVE-2026-29145	external
https://bugzilla.suse.com/1261853	external
https://www.suse.com/security/cve/CVE-2026-29146	external
https://bugzilla.suse.com/1261854	external
https://www.suse.com/security/cve/CVE-2026-32990	external
https://bugzilla.suse.com/1258371	external
https://www.suse.com/security/cve/CVE-2026-34483	external
https://bugzilla.suse.com/1261855	external
https://www.suse.com/security/cve/CVE-2026-34486	external
https://bugzilla.suse.com/1261854	external
https://www.suse.com/security/cve/CVE-2026-34487	external
https://bugzilla.suse.com/1261856	external
https://www.suse.com/security/cve/CVE-2026-34500	external
https://bugzilla.suse.com/1261857	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for tomcat",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "This update for tomcat fixes the following issues:\n\nSecurity fixes:\n\n- CVE-2026-24880: Request smuggling via invalid chunk extension (bsc#1261850).\n- CVE-2026-25854: Occasionally open redirect (bsc#1261851).\n- CVE-2026-29129: TLS cipher order is not preserved (bsc#1261852).\n- CVE-2026-29145: OCSP checks sometimes soft-fail even when soft-fail is disabled (bsc#1261853).\n- CVE-2026-29146,CVE-2026-34486: Fix for allowed bypass of EncryptInterceptor (bsc#1261854).\n- CVE-2026-34483: Incomplete escaping of JSON access logs (bsc#1261855).  \n- CVE-2026-34487: Cloud membership for clustering component exposed the Kubernetes bearer token (bsc#1261856).\n- CVE-2026-34500: OCSP checks sometimes soft-fail with FFM even when soft-fail is disabled (bsc#1261857).\n- CVE-2026-32990: The fix for CVE-2025-66614 was incomplete, so this CVE completes it (bsc#1258371).\n\nOther fixes:\n\n- Update to Tomcat 9.0.117\n",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "SUSE-2026-1572,SUSE-SLE-SERVER-12-SP5-LTSS-2026-1572,SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2026-1572",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_1572-1.json"
      },
      {
        "category": "self",
        "summary": "URL for SUSE-SU-2026:1572-1",
        "url": "https://www.suse.com/support/update/announcement/2026/suse-su-20261572-1/"
      },
      {
        "category": "self",
        "summary": "E-Mail link for SUSE-SU-2026:1572-1",
        "url": "https://lists.suse.com/pipermail/sle-updates/2026-April/045917.html"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1258371",
        "url": "https://bugzilla.suse.com/1258371"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1261850",
        "url": "https://bugzilla.suse.com/1261850"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1261851",
        "url": "https://bugzilla.suse.com/1261851"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1261852",
        "url": "https://bugzilla.suse.com/1261852"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1261853",
        "url": "https://bugzilla.suse.com/1261853"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1261854",
        "url": "https://bugzilla.suse.com/1261854"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1261855",
        "url": "https://bugzilla.suse.com/1261855"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1261856",
        "url": "https://bugzilla.suse.com/1261856"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1261857",
        "url": "https://bugzilla.suse.com/1261857"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-66614 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-66614/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-24880 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-24880/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-25854 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-25854/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-29129 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-29129/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-29145 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-29145/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-29146 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-29146/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-32990 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-32990/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-34483 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-34483/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-34486 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-34486/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-34487 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-34487/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-34500 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-34500/"
      }
    ],
    "title": "Security update for tomcat",
    "tracking": {
      "current_release_date": "2026-04-23T15:52:25Z",
      "generator": {
        "date": "2026-04-23T15:52:25Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "SUSE-SU-2026:1572-1",
      "initial_release_date": "2026-04-23T15:52:25Z",
      "revision_history": [
        {
          "date": "2026-04-23T15:52:25Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "tomcat-9.0.117-3.163.2.noarch",
                "product": {
                  "name": "tomcat-9.0.117-3.163.2.noarch",
                  "product_id": "tomcat-9.0.117-3.163.2.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "tomcat-admin-webapps-9.0.117-3.163.2.noarch",
                "product": {
                  "name": "tomcat-admin-webapps-9.0.117-3.163.2.noarch",
                  "product_id": "tomcat-admin-webapps-9.0.117-3.163.2.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "tomcat-docs-webapp-9.0.117-3.163.2.noarch",
                "product": {
                  "name": "tomcat-docs-webapp-9.0.117-3.163.2.noarch",
                  "product_id": "tomcat-docs-webapp-9.0.117-3.163.2.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "tomcat-el-3_0-api-9.0.117-3.163.2.noarch",
                "product": {
                  "name": "tomcat-el-3_0-api-9.0.117-3.163.2.noarch",
                  "product_id": "tomcat-el-3_0-api-9.0.117-3.163.2.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "tomcat-embed-9.0.117-3.163.2.noarch",
                "product": {
                  "name": "tomcat-embed-9.0.117-3.163.2.noarch",
                  "product_id": "tomcat-embed-9.0.117-3.163.2.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "tomcat-javadoc-9.0.117-3.163.2.noarch",
                "product": {
                  "name": "tomcat-javadoc-9.0.117-3.163.2.noarch",
                  "product_id": "tomcat-javadoc-9.0.117-3.163.2.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "tomcat-jsp-2_3-api-9.0.117-3.163.2.noarch",
                "product": {
                  "name": "tomcat-jsp-2_3-api-9.0.117-3.163.2.noarch",
                  "product_id": "tomcat-jsp-2_3-api-9.0.117-3.163.2.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "tomcat-jsvc-9.0.117-3.163.2.noarch",
                "product": {
                  "name": "tomcat-jsvc-9.0.117-3.163.2.noarch",
                  "product_id": "tomcat-jsvc-9.0.117-3.163.2.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "tomcat-lib-9.0.117-3.163.2.noarch",
                "product": {
                  "name": "tomcat-lib-9.0.117-3.163.2.noarch",
                  "product_id": "tomcat-lib-9.0.117-3.163.2.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "tomcat-servlet-4_0-api-9.0.117-3.163.2.noarch",
                "product": {
                  "name": "tomcat-servlet-4_0-api-9.0.117-3.163.2.noarch",
                  "product_id": "tomcat-servlet-4_0-api-9.0.117-3.163.2.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "tomcat-webapps-9.0.117-3.163.2.noarch",
                "product": {
                  "name": "tomcat-webapps-9.0.117-3.163.2.noarch",
                  "product_id": "tomcat-webapps-9.0.117-3.163.2.noarch"
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server 12 SP5-LTSS",
                "product": {
                  "name": "SUSE Linux Enterprise Server 12 SP5-LTSS",
                  "product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sles-ltss:12:sp5"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
                "product": {
                  "name": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
                  "product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sles-ltss-extended-security:12:sp5"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat-9.0.117-3.163.2.noarch as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
          "product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.117-3.163.2.noarch"
        },
        "product_reference": "tomcat-9.0.117-3.163.2.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat-admin-webapps-9.0.117-3.163.2.noarch as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
          "product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.117-3.163.2.noarch"
        },
        "product_reference": "tomcat-admin-webapps-9.0.117-3.163.2.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat-docs-webapp-9.0.117-3.163.2.noarch as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
          "product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.117-3.163.2.noarch"
        },
        "product_reference": "tomcat-docs-webapp-9.0.117-3.163.2.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat-el-3_0-api-9.0.117-3.163.2.noarch as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
          "product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.117-3.163.2.noarch"
        },
        "product_reference": "tomcat-el-3_0-api-9.0.117-3.163.2.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat-javadoc-9.0.117-3.163.2.noarch as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
          "product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.117-3.163.2.noarch"
        },
        "product_reference": "tomcat-javadoc-9.0.117-3.163.2.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat-jsp-2_3-api-9.0.117-3.163.2.noarch as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
          "product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.117-3.163.2.noarch"
        },
        "product_reference": "tomcat-jsp-2_3-api-9.0.117-3.163.2.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat-lib-9.0.117-3.163.2.noarch as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
          "product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.117-3.163.2.noarch"
        },
        "product_reference": "tomcat-lib-9.0.117-3.163.2.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat-servlet-4_0-api-9.0.117-3.163.2.noarch as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
          "product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.117-3.163.2.noarch"
        },
        "product_reference": "tomcat-servlet-4_0-api-9.0.117-3.163.2.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat-webapps-9.0.117-3.163.2.noarch as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
          "product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.117-3.163.2.noarch"
        },
        "product_reference": "tomcat-webapps-9.0.117-3.163.2.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat-9.0.117-3.163.2.noarch as component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
          "product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.117-3.163.2.noarch"
        },
        "product_reference": "tomcat-9.0.117-3.163.2.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat-admin-webapps-9.0.117-3.163.2.noarch as component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
          "product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.117-3.163.2.noarch"
        },
        "product_reference": "tomcat-admin-webapps-9.0.117-3.163.2.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat-docs-webapp-9.0.117-3.163.2.noarch as component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
          "product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.117-3.163.2.noarch"
        },
        "product_reference": "tomcat-docs-webapp-9.0.117-3.163.2.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat-el-3_0-api-9.0.117-3.163.2.noarch as component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
          "product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.117-3.163.2.noarch"
        },
        "product_reference": "tomcat-el-3_0-api-9.0.117-3.163.2.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat-javadoc-9.0.117-3.163.2.noarch as component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
          "product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.117-3.163.2.noarch"
        },
        "product_reference": "tomcat-javadoc-9.0.117-3.163.2.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat-jsp-2_3-api-9.0.117-3.163.2.noarch as component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
          "product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.117-3.163.2.noarch"
        },
        "product_reference": "tomcat-jsp-2_3-api-9.0.117-3.163.2.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat-lib-9.0.117-3.163.2.noarch as component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
          "product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.117-3.163.2.noarch"
        },
        "product_reference": "tomcat-lib-9.0.117-3.163.2.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat-servlet-4_0-api-9.0.117-3.163.2.noarch as component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
          "product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.117-3.163.2.noarch"
        },
        "product_reference": "tomcat-servlet-4_0-api-9.0.117-3.163.2.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat-webapps-9.0.117-3.163.2.noarch as component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
          "product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.117-3.163.2.noarch"
        },
        "product_reference": "tomcat-webapps-9.0.117-3.163.2.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2025-66614",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-66614"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Improper Input Validation vulnerability.\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.14, from 10.1.0-M1 through 10.1.49, from 9.0.0-M1 through 9.0.112.\n\nThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.0 through 8.5.100. Older EOL versions are not affected.\nTomcat did not validate that the host name provided via the SNI \nextension was the same as the host name provided in the HTTP host header \nfield. If Tomcat was configured with more than one virtual host and the \nTLS configuration for one of those hosts did not require client \ncertificate authentication but another one did, it was possible for a \nclient to bypass the client certificate authentication by sending \ndifferent host names in the SNI extension and the HTTP host header field.\n\n\n\nThe vulnerability only applies if client certificate authentication is \nonly enforced at the Connector. It does not apply if client certificate \nauthentication is enforced at the web application.\n\n\nUsers are recommended to upgrade to version 11.0.15 or later, 10.1.50 or later or 9.0.113 or later, which fix the issue.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.117-3.163.2.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.117-3.163.2.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.117-3.163.2.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.117-3.163.2.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.117-3.163.2.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.117-3.163.2.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.117-3.163.2.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.117-3.163.2.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.117-3.163.2.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.117-3.163.2.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.117-3.163.2.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.117-3.163.2.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.117-3.163.2.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.117-3.163.2.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.117-3.163.2.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.117-3.163.2.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.117-3.163.2.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.117-3.163.2.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-66614",
          "url": "https://www.suse.com/security/cve/CVE-2025-66614"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1258371 for CVE-2025-66614",
          "url": "https://bugzilla.suse.com/1258371"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.117-3.163.2.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.117-3.163.2.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-04-23T15:52:25Z",
          "details": "important"
        }
      ],
      "title": "CVE-2025-66614"
    },
    {
      "cve": "CVE-2026-24880",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-24880"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027) vulnerability in Apache Tomcat via invalid chunk extension.\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.18, from 10.1.0-M1 through 10.1.52, from 9.0.0.M1 through 9.0.115, from 8.5.0 through 8.5.100, from 7.0.0 through 7.0.109.\nOther, unsupported versions may also be affected.\n\nUsers are recommended to upgrade to version 11.0.20, 10.1.52 or 9.0.116, which fix the issue.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.117-3.163.2.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.117-3.163.2.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.117-3.163.2.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.117-3.163.2.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.117-3.163.2.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.117-3.163.2.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.117-3.163.2.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.117-3.163.2.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.117-3.163.2.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.117-3.163.2.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.117-3.163.2.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.117-3.163.2.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.117-3.163.2.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.117-3.163.2.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.117-3.163.2.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.117-3.163.2.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.117-3.163.2.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.117-3.163.2.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-24880",
          "url": "https://www.suse.com/security/cve/CVE-2026-24880"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1261850 for CVE-2026-24880",
          "url": "https://bugzilla.suse.com/1261850"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.117-3.163.2.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.8,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.117-3.163.2.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-04-23T15:52:25Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2026-24880"
    },
    {
      "cve": "CVE-2026-25854",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-25854"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Occasional URL redirection to untrusted Site (\u0027Open Redirect\u0027) vulnerability in Apache Tomcat via the LoadBalancerDrainingValve.\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.18, from 10.1.0-M1 through 10.1.52, from 9.0.0.M23 through 9.0.115, from 8.5.30 through 8.5.100.\nOther, unsupported versions may also be affected\n\nUsers are recommended to upgrade to version 11.0.20, 10.1.53 or 9.0.116, which fix the issue.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.117-3.163.2.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.117-3.163.2.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.117-3.163.2.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.117-3.163.2.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.117-3.163.2.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.117-3.163.2.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.117-3.163.2.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.117-3.163.2.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.117-3.163.2.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.117-3.163.2.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.117-3.163.2.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.117-3.163.2.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.117-3.163.2.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.117-3.163.2.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.117-3.163.2.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.117-3.163.2.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.117-3.163.2.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.117-3.163.2.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-25854",
          "url": "https://www.suse.com/security/cve/CVE-2026-25854"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1261851 for CVE-2026-25854",
          "url": "https://bugzilla.suse.com/1261851"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.117-3.163.2.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.8,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.117-3.163.2.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-04-23T15:52:25Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2026-25854"
    },
    {
      "cve": "CVE-2026-29129",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-29129"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Configured cipher preference order not preserved vulnerability in Apache Tomcat.\n\nThis issue affects Apache Tomcat: from 11.0.16 through 11.0.18, from 10.1.51 through 10.1.52, from 9.0.114 through 9.0.115.\n\nUsers are recommended to upgrade to version 11.0.20, 10.1.53 or 9.0.116, which fix the issue.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.117-3.163.2.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.117-3.163.2.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.117-3.163.2.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.117-3.163.2.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.117-3.163.2.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.117-3.163.2.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.117-3.163.2.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.117-3.163.2.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.117-3.163.2.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.117-3.163.2.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.117-3.163.2.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.117-3.163.2.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.117-3.163.2.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.117-3.163.2.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.117-3.163.2.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.117-3.163.2.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.117-3.163.2.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.117-3.163.2.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-29129",
          "url": "https://www.suse.com/security/cve/CVE-2026-29129"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1261852 for CVE-2026-29129",
          "url": "https://bugzilla.suse.com/1261852"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.117-3.163.2.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.8,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.117-3.163.2.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-04-23T15:52:25Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2026-29129"
    },
    {
      "cve": "CVE-2026-29145",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-29145"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "CLIENT_CERT authentication does not fail as expected for some scenarios when soft fail is disabled vulnerability in Apache Tomcat, Apache Tomcat Native.\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.18, from 10.1.0-M7 through 10.1.52, from 9.0.83 through 9.0.115; Apache Tomcat Native: from 1.1.23 through 1.1.34, from 1.2.0 through 1.2.39, from 1.3.0 through 1.3.6, from 2.0.0 through 2.0.13.\n\nUsers are recommended to upgrade to version Tomcat Native 1.3.7 or 2.0.14 and Tomcat 11.0.20, 10.1.53 and 9.0.116, which fix the issue.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.117-3.163.2.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.117-3.163.2.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.117-3.163.2.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.117-3.163.2.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.117-3.163.2.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.117-3.163.2.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.117-3.163.2.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.117-3.163.2.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.117-3.163.2.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.117-3.163.2.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.117-3.163.2.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.117-3.163.2.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.117-3.163.2.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.117-3.163.2.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.117-3.163.2.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.117-3.163.2.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.117-3.163.2.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.117-3.163.2.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-29145",
          "url": "https://www.suse.com/security/cve/CVE-2026-29145"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1261853 for CVE-2026-29145",
          "url": "https://bugzilla.suse.com/1261853"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.117-3.163.2.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.8,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.117-3.163.2.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-04-23T15:52:25Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2026-29145"
    },
    {
      "cve": "CVE-2026-29146",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-29146"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Padding Oracle vulnerability in Apache Tomcat\u0027s EncryptInterceptor with default configuration.\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.18, from 10.0.0-M1 through 10.1.52, from 9.0.13 through 9..115, from 8.5.38 through 8.5.100, from 7.0.100 through 7.0.109.\n\nUsers are recommended to upgrade to version 11.0.19, 10.1.53 and 9.0.116, which fixes the issue.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.117-3.163.2.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.117-3.163.2.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.117-3.163.2.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.117-3.163.2.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.117-3.163.2.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.117-3.163.2.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.117-3.163.2.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.117-3.163.2.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.117-3.163.2.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.117-3.163.2.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.117-3.163.2.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.117-3.163.2.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.117-3.163.2.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.117-3.163.2.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.117-3.163.2.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.117-3.163.2.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.117-3.163.2.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.117-3.163.2.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-29146",
          "url": "https://www.suse.com/security/cve/CVE-2026-29146"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1261854 for CVE-2026-29146",
          "url": "https://bugzilla.suse.com/1261854"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.117-3.163.2.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.117-3.163.2.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-04-23T15:52:25Z",
          "details": "important"
        }
      ],
      "title": "CVE-2026-29146"
    },
    {
      "cve": "CVE-2026-32990",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-32990"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Improper Input Validation vulnerability in Apache Tomcat due to an incomplete fix of CVE-2025-66614.\n\nThis issue affects Apache Tomcat: from 11.0.15 through 11.0.19, from 10.1.50 through 10.1.52, from 9.0.113 through 9.0.115.\n\nUsers are recommended to upgrade to version 11.0.20, 10.1.53 or 9.0.116, which fix the issue.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.117-3.163.2.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.117-3.163.2.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.117-3.163.2.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.117-3.163.2.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.117-3.163.2.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.117-3.163.2.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.117-3.163.2.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.117-3.163.2.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.117-3.163.2.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.117-3.163.2.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.117-3.163.2.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.117-3.163.2.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.117-3.163.2.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.117-3.163.2.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.117-3.163.2.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.117-3.163.2.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.117-3.163.2.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.117-3.163.2.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-32990",
          "url": "https://www.suse.com/security/cve/CVE-2026-32990"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1258371 for CVE-2026-32990",
          "url": "https://bugzilla.suse.com/1258371"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.117-3.163.2.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-04-23T15:52:25Z",
          "details": "important"
        }
      ],
      "title": "CVE-2026-32990"
    },
    {
      "cve": "CVE-2026-34483",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-34483"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Improper Encoding or Escaping of Output vulnerability in the JsonAccessLogValve component of Apache Tomcat.\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.20, from 10.1.0-M1 through 10.1.53, from 9.0.40 through 9.0.116.\n\nUsers are recommended to upgrade to version 11.0.21, 10.1.54 or 9.0.117 , which fix the issue.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.117-3.163.2.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.117-3.163.2.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.117-3.163.2.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.117-3.163.2.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.117-3.163.2.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.117-3.163.2.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.117-3.163.2.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.117-3.163.2.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.117-3.163.2.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.117-3.163.2.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.117-3.163.2.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.117-3.163.2.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.117-3.163.2.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.117-3.163.2.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.117-3.163.2.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.117-3.163.2.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.117-3.163.2.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.117-3.163.2.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-34483",
          "url": "https://www.suse.com/security/cve/CVE-2026-34483"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1261855 for CVE-2026-34483",
          "url": "https://bugzilla.suse.com/1261855"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.117-3.163.2.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.8,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.117-3.163.2.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-04-23T15:52:25Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2026-34483"
    },
    {
      "cve": "CVE-2026-34486",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-34486"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Missing Encryption of Sensitive Data vulnerability in Apache Tomcat due to the  fix for CVE-2026-29146 allowing the bypass of the EncryptInterceptor.\n\nThis issue affects Apache Tomcat: 11.0.20, 10.1.53, 9.0.116.\n\nUsers are recommended to upgrade to version 11.0.21, 10.1.54 or 9.0.117, which fix the issue.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.117-3.163.2.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.117-3.163.2.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.117-3.163.2.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.117-3.163.2.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.117-3.163.2.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.117-3.163.2.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.117-3.163.2.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.117-3.163.2.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.117-3.163.2.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.117-3.163.2.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.117-3.163.2.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.117-3.163.2.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.117-3.163.2.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.117-3.163.2.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.117-3.163.2.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.117-3.163.2.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.117-3.163.2.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.117-3.163.2.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-34486",
          "url": "https://www.suse.com/security/cve/CVE-2026-34486"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1261854 for CVE-2026-34486",
          "url": "https://bugzilla.suse.com/1261854"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.117-3.163.2.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.117-3.163.2.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-04-23T15:52:25Z",
          "details": "important"
        }
      ],
      "title": "CVE-2026-34486"
    },
    {
      "cve": "CVE-2026-34487",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-34487"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Insertion of Sensitive Information into Log File vulnerability in the cloud membership for clustering component of Apache Tomcat exposed the Kubernetes bearer token.\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.20, from 10.1.0-M1 through 10.1.53, from 9.0.13 through 9.0.116.\n\nUsers are recommended to upgrade to version 11.0.21, 10.1.54 or 9.0.117, which fix the issue.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.117-3.163.2.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.117-3.163.2.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.117-3.163.2.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.117-3.163.2.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.117-3.163.2.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.117-3.163.2.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.117-3.163.2.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.117-3.163.2.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.117-3.163.2.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.117-3.163.2.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.117-3.163.2.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.117-3.163.2.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.117-3.163.2.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.117-3.163.2.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.117-3.163.2.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.117-3.163.2.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.117-3.163.2.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.117-3.163.2.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-34487",
          "url": "https://www.suse.com/security/cve/CVE-2026-34487"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1261856 for CVE-2026-34487",
          "url": "https://bugzilla.suse.com/1261856"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.117-3.163.2.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.117-3.163.2.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-04-23T15:52:25Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2026-34487"
    },
    {
      "cve": "CVE-2026-34500",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-34500"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "CLIENT_CERT authentication does not fail as expected for some scenarios when soft fail is disabled and FFM is used in Apache Tomcat.\n\nThis issue affects Apache Tomcat: from 11.0.0-M14 through 11.0.20, from 10.1.22 through 10.1.53, from 9.0.92 through 9.0.116.\n\nUsers are recommended to upgrade to version 11.0.21, 10.1.54 or 9.0.117, which fixes the issue.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.117-3.163.2.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.117-3.163.2.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.117-3.163.2.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.117-3.163.2.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.117-3.163.2.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.117-3.163.2.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.117-3.163.2.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.117-3.163.2.noarch",
          "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.117-3.163.2.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.117-3.163.2.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.117-3.163.2.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.117-3.163.2.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.117-3.163.2.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.117-3.163.2.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.117-3.163.2.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.117-3.163.2.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.117-3.163.2.noarch",
          "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.117-3.163.2.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-34500",
          "url": "https://www.suse.com/security/cve/CVE-2026-34500"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1261857 for CVE-2026-34500",
          "url": "https://bugzilla.suse.com/1261857"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.117-3.163.2.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.8,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-admin-webapps-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-docs-webapp-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-el-3_0-api-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-javadoc-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-jsp-2_3-api-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-lib-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-servlet-4_0-api-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server 12 SP5-LTSS:tomcat-webapps-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-admin-webapps-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-docs-webapp-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-el-3_0-api-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-javadoc-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-jsp-2_3-api-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-lib-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-servlet-4_0-api-9.0.117-3.163.2.noarch",
            "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:tomcat-webapps-9.0.117-3.163.2.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-04-23T15:52:25Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2026-34500"
    }
  ]
}

SUSE-SU-2026:1603-1

Vulnerability from csaf_suse - Published: 2026-04-24 11:47 - Updated: 2026-04-24 11:47

Summary

Security update for tomcat10

Severity

Important

Notes

Title of the patch: Security update for tomcat10

Description of the patch: This update for tomcat10 fixes the following issues: Security fixes: - CVE-2026-24880: Request smuggling via invalid chunk extension (bsc#1261850). - CVE-2026-25854: Occasionally open redirect (bsc#1261851). - CVE-2026-29129: TLS cipher order is not preserved (bsc#1261852). - CVE-2026-29145: OCSP checks sometimes soft-fail even when soft-fail is disabled (bsc#1261853). - CVE-2026-29146,CVE-2026-34486: Fix for allowed bypass of EncryptInterceptor (bsc#1261854). - CVE-2026-34483: Incomplete escaping of JSON access logs (bsc#1261855). - CVE-2026-34487: Cloud membership for clustering component exposed the Kubernetes bearer token (bsc#1261856). - CVE-2026-34500: OCSP checks sometimes soft-fail with FFM even when soft-fail is disabled (bsc#1261857). - CVE-2026-32990: The fix for CVE-2025-66614 was incomplete, so this CVE completes it (bsc#1258371). Other fixes: - Update to Tomcat 10.1.54

Patchnames: SUSE-2026-1603,SUSE-SLE-Module-Web-Scripting-15-SP7-2026-1603,SUSE-SLE-Product-HPC-15-SP5-ESPOS-2026-1603,SUSE-SLE-Product-HPC-15-SP5-LTSS-2026-1603,SUSE-SLE-Product-SLES-15-SP5-LTSS-2026-1603,SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-1603,SUSE-SLE-Product-SLES_SAP-15-SP5-2026-1603,SUSE-SLE-Product-SLES_SAP-15-SP6-2026-1603

CVE-2025-66614

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Affected products

Recommended 49 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-lib-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-webapps-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-lib-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-webapps-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-lib-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-webapps-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-lib-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-webapps-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat10-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat10-lib-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat10-webapps-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-lib-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-webapps-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat10-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat10-lib-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat10-webapps-10.1.54-150200.5.64.1.noarch	—	Vendor Fix

Threats

Impact important

CVE-2026-24880

4.8 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

Affected products

Recommended 49 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-lib-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-webapps-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-lib-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-webapps-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-lib-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-webapps-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-lib-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-webapps-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat10-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat10-lib-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat10-webapps-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-lib-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-webapps-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat10-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat10-lib-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat10-webapps-10.1.54-150200.5.64.1.noarch	—	Vendor Fix

Threats

Impact moderate

CVE-2026-25854

4.8 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

Affected products

Recommended 49 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-lib-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-webapps-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-lib-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-webapps-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-lib-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-webapps-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-lib-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-webapps-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat10-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat10-lib-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat10-webapps-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-lib-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-webapps-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat10-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat10-lib-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat10-webapps-10.1.54-150200.5.64.1.noarch	—	Vendor Fix

Threats

Impact moderate

CVE-2026-29129

4.8 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

Affected products

Recommended 49 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-lib-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-webapps-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-lib-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-webapps-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-lib-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-webapps-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-lib-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-webapps-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat10-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat10-lib-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat10-webapps-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-lib-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-webapps-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat10-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat10-lib-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat10-webapps-10.1.54-150200.5.64.1.noarch	—	Vendor Fix

Threats

Impact moderate

CVE-2026-29145

4.8 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

Affected products

Recommended 49 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-lib-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-webapps-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-lib-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-webapps-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-lib-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-webapps-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-lib-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-webapps-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat10-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat10-lib-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat10-webapps-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-lib-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-webapps-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat10-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat10-lib-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat10-webapps-10.1.54-150200.5.64.1.noarch	—	Vendor Fix

Threats

Impact moderate

CVE-2026-29146

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Affected products

Recommended 49 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-lib-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-webapps-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-lib-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-webapps-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-lib-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-webapps-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-lib-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-webapps-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat10-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat10-lib-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat10-webapps-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-lib-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-webapps-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat10-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat10-lib-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat10-webapps-10.1.54-150200.5.64.1.noarch	—	Vendor Fix

Threats

Impact important

CVE-2026-32990

Affected products

Recommended 49 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-lib-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-webapps-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-lib-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-webapps-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-lib-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-webapps-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-lib-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-webapps-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat10-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat10-lib-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat10-webapps-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-lib-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-webapps-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat10-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat10-lib-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat10-webapps-10.1.54-150200.5.64.1.noarch	—	Vendor Fix

Threats

Impact important

CVE-2026-34483

4.8 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

Affected products

Recommended 49 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-lib-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-webapps-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-lib-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-webapps-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-lib-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-webapps-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-lib-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-webapps-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat10-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat10-lib-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat10-webapps-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-lib-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-webapps-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat10-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat10-lib-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat10-webapps-10.1.54-150200.5.64.1.noarch	—	Vendor Fix

Threats

Impact moderate

CVE-2026-34486

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Affected products

Recommended 49 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-lib-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-webapps-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-lib-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-webapps-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-lib-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-webapps-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-lib-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-webapps-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat10-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat10-lib-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat10-webapps-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-lib-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-webapps-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat10-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat10-lib-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat10-webapps-10.1.54-150200.5.64.1.noarch	—	Vendor Fix

Threats

Impact important

CVE-2026-34487

5.9 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Affected products

Recommended 49 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-lib-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-webapps-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-lib-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-webapps-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-lib-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-webapps-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-lib-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-webapps-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat10-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat10-lib-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat10-webapps-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-lib-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-webapps-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat10-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat10-lib-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat10-webapps-10.1.54-150200.5.64.1.noarch	—	Vendor Fix

Threats

Impact moderate

CVE-2026-34500

4.8 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

Affected products

Recommended 49 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-lib-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-webapps-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-lib-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-webapps-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-lib-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-webapps-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-lib-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-webapps-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat10-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat10-lib-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat10-webapps-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-lib-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-webapps-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat10-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat10-lib-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat10-webapps-10.1.54-150200.5.64.1.noarch	—	Vendor Fix

Threats

Impact moderate

References

46 references

URL	Category
https://www.suse.com/support/security/rating/	external
https://ftp.suse.com/pub/projects/security/csaf/s…	self
https://www.suse.com/support/update/announcement/…	self
https://lists.suse.com/pipermail/sle-updates/2026…	self
https://bugzilla.suse.com/1258371	self
https://bugzilla.suse.com/1261850	self
https://bugzilla.suse.com/1261851	self
https://bugzilla.suse.com/1261852	self
https://bugzilla.suse.com/1261853	self
https://bugzilla.suse.com/1261854	self
https://bugzilla.suse.com/1261855	self
https://bugzilla.suse.com/1261856	self
https://bugzilla.suse.com/1261857	self
https://www.suse.com/security/cve/CVE-2025-66614/	self
https://www.suse.com/security/cve/CVE-2026-24880/	self
https://www.suse.com/security/cve/CVE-2026-25854/	self
https://www.suse.com/security/cve/CVE-2026-29129/	self
https://www.suse.com/security/cve/CVE-2026-29145/	self
https://www.suse.com/security/cve/CVE-2026-29146/	self
https://www.suse.com/security/cve/CVE-2026-32990/	self
https://www.suse.com/security/cve/CVE-2026-34483/	self
https://www.suse.com/security/cve/CVE-2026-34486/	self
https://www.suse.com/security/cve/CVE-2026-34487/	self
https://www.suse.com/security/cve/CVE-2026-34500/	self
https://www.suse.com/security/cve/CVE-2025-66614	external
https://bugzilla.suse.com/1258371	external
https://www.suse.com/security/cve/CVE-2026-24880	external
https://bugzilla.suse.com/1261850	external
https://www.suse.com/security/cve/CVE-2026-25854	external
https://bugzilla.suse.com/1261851	external
https://www.suse.com/security/cve/CVE-2026-29129	external
https://bugzilla.suse.com/1261852	external
https://www.suse.com/security/cve/CVE-2026-29145	external
https://bugzilla.suse.com/1261853	external
https://www.suse.com/security/cve/CVE-2026-29146	external
https://bugzilla.suse.com/1261854	external
https://www.suse.com/security/cve/CVE-2026-32990	external
https://bugzilla.suse.com/1258371	external
https://www.suse.com/security/cve/CVE-2026-34483	external
https://bugzilla.suse.com/1261855	external
https://www.suse.com/security/cve/CVE-2026-34486	external
https://bugzilla.suse.com/1261854	external
https://www.suse.com/security/cve/CVE-2026-34487	external
https://bugzilla.suse.com/1261856	external
https://www.suse.com/security/cve/CVE-2026-34500	external
https://bugzilla.suse.com/1261857	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for tomcat10",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "This update for tomcat10 fixes the following issues:\n\nSecurity fixes:  \n\n- CVE-2026-24880: Request smuggling via invalid chunk extension (bsc#1261850).\n- CVE-2026-25854: Occasionally open redirect (bsc#1261851).\n- CVE-2026-29129: TLS cipher order is not preserved (bsc#1261852).\n- CVE-2026-29145: OCSP checks sometimes soft-fail even when soft-fail is disabled (bsc#1261853).\n- CVE-2026-29146,CVE-2026-34486: Fix for allowed bypass of EncryptInterceptor (bsc#1261854).\n- CVE-2026-34483: Incomplete escaping of JSON access logs (bsc#1261855).\n- CVE-2026-34487: Cloud membership for clustering component exposed the Kubernetes bearer token (bsc#1261856).\n- CVE-2026-34500: OCSP checks sometimes soft-fail with FFM even when soft-fail is disabled (bsc#1261857).\n- CVE-2026-32990: The fix for CVE-2025-66614 was incomplete, so this CVE completes it (bsc#1258371).\n\nOther fixes:\n\n- Update to Tomcat 10.1.54\n",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "SUSE-2026-1603,SUSE-SLE-Module-Web-Scripting-15-SP7-2026-1603,SUSE-SLE-Product-HPC-15-SP5-ESPOS-2026-1603,SUSE-SLE-Product-HPC-15-SP5-LTSS-2026-1603,SUSE-SLE-Product-SLES-15-SP5-LTSS-2026-1603,SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-1603,SUSE-SLE-Product-SLES_SAP-15-SP5-2026-1603,SUSE-SLE-Product-SLES_SAP-15-SP6-2026-1603",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_1603-1.json"
      },
      {
        "category": "self",
        "summary": "URL for SUSE-SU-2026:1603-1",
        "url": "https://www.suse.com/support/update/announcement/2026/suse-su-20261603-1/"
      },
      {
        "category": "self",
        "summary": "E-Mail link for SUSE-SU-2026:1603-1",
        "url": "https://lists.suse.com/pipermail/sle-updates/2026-April/045937.html"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1258371",
        "url": "https://bugzilla.suse.com/1258371"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1261850",
        "url": "https://bugzilla.suse.com/1261850"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1261851",
        "url": "https://bugzilla.suse.com/1261851"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1261852",
        "url": "https://bugzilla.suse.com/1261852"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1261853",
        "url": "https://bugzilla.suse.com/1261853"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1261854",
        "url": "https://bugzilla.suse.com/1261854"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1261855",
        "url": "https://bugzilla.suse.com/1261855"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1261856",
        "url": "https://bugzilla.suse.com/1261856"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1261857",
        "url": "https://bugzilla.suse.com/1261857"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-66614 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-66614/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-24880 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-24880/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-25854 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-25854/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-29129 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-29129/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-29145 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-29145/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-29146 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-29146/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-32990 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-32990/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-34483 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-34483/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-34486 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-34486/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-34487 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-34487/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-34500 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-34500/"
      }
    ],
    "title": "Security update for tomcat10",
    "tracking": {
      "current_release_date": "2026-04-24T11:47:20Z",
      "generator": {
        "date": "2026-04-24T11:47:20Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "SUSE-SU-2026:1603-1",
      "initial_release_date": "2026-04-24T11:47:20Z",
      "revision_history": [
        {
          "date": "2026-04-24T11:47:20Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "tomcat10-10.1.54-150200.5.64.1.noarch",
                "product": {
                  "name": "tomcat10-10.1.54-150200.5.64.1.noarch",
                  "product_id": "tomcat10-10.1.54-150200.5.64.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch",
                "product": {
                  "name": "tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch",
                  "product_id": "tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "tomcat10-doc-10.1.54-150200.5.64.1.noarch",
                "product": {
                  "name": "tomcat10-doc-10.1.54-150200.5.64.1.noarch",
                  "product_id": "tomcat10-doc-10.1.54-150200.5.64.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "tomcat10-docs-webapp-10.1.54-150200.5.64.1.noarch",
                "product": {
                  "name": "tomcat10-docs-webapp-10.1.54-150200.5.64.1.noarch",
                  "product_id": "tomcat10-docs-webapp-10.1.54-150200.5.64.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch",
                "product": {
                  "name": "tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch",
                  "product_id": "tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "tomcat10-embed-10.1.54-150200.5.64.1.noarch",
                "product": {
                  "name": "tomcat10-embed-10.1.54-150200.5.64.1.noarch",
                  "product_id": "tomcat10-embed-10.1.54-150200.5.64.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch",
                "product": {
                  "name": "tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch",
                  "product_id": "tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "tomcat10-jsvc-10.1.54-150200.5.64.1.noarch",
                "product": {
                  "name": "tomcat10-jsvc-10.1.54-150200.5.64.1.noarch",
                  "product_id": "tomcat10-jsvc-10.1.54-150200.5.64.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "tomcat10-lib-10.1.54-150200.5.64.1.noarch",
                "product": {
                  "name": "tomcat10-lib-10.1.54-150200.5.64.1.noarch",
                  "product_id": "tomcat10-lib-10.1.54-150200.5.64.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch",
                "product": {
                  "name": "tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch",
                  "product_id": "tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "tomcat10-webapps-10.1.54-150200.5.64.1.noarch",
                "product": {
                  "name": "tomcat10-webapps-10.1.54-150200.5.64.1.noarch",
                  "product_id": "tomcat10-webapps-10.1.54-150200.5.64.1.noarch"
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Module for Web and Scripting 15 SP7",
                "product": {
                  "name": "SUSE Linux Enterprise Module for Web and Scripting 15 SP7",
                  "product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP7",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sle-module-web-scripting:15:sp7"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
                "product": {
                  "name": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
                  "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sle_hpc-espos:15:sp5"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
                "product": {
                  "name": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
                  "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sle_hpc-ltss:15:sp5"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server 15 SP5-LTSS",
                "product": {
                  "name": "SUSE Linux Enterprise Server 15 SP5-LTSS",
                  "product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sles-ltss:15:sp5"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server 15 SP6-LTSS",
                "product": {
                  "name": "SUSE Linux Enterprise Server 15 SP6-LTSS",
                  "product_id": "SUSE Linux Enterprise Server 15 SP6-LTSS",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sles-ltss:15:sp6"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server for SAP Applications 15 SP5",
                "product": {
                  "name": "SUSE Linux Enterprise Server for SAP Applications 15 SP5",
                  "product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sles_sap:15:sp5"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server for SAP Applications 15 SP6",
                "product": {
                  "name": "SUSE Linux Enterprise Server for SAP Applications 15 SP6",
                  "product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP6",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sles_sap:15:sp6"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat10-10.1.54-150200.5.64.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP7",
          "product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-10.1.54-150200.5.64.1.noarch"
        },
        "product_reference": "tomcat10-10.1.54-150200.5.64.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP7",
          "product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch"
        },
        "product_reference": "tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP7",
          "product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch"
        },
        "product_reference": "tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP7",
          "product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch"
        },
        "product_reference": "tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat10-lib-10.1.54-150200.5.64.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP7",
          "product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-lib-10.1.54-150200.5.64.1.noarch"
        },
        "product_reference": "tomcat10-lib-10.1.54-150200.5.64.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP7",
          "product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch"
        },
        "product_reference": "tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat10-webapps-10.1.54-150200.5.64.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP7",
          "product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-webapps-10.1.54-150200.5.64.1.noarch"
        },
        "product_reference": "tomcat10-webapps-10.1.54-150200.5.64.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat10-10.1.54-150200.5.64.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
          "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-10.1.54-150200.5.64.1.noarch"
        },
        "product_reference": "tomcat10-10.1.54-150200.5.64.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
          "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch"
        },
        "product_reference": "tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
          "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch"
        },
        "product_reference": "tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
          "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch"
        },
        "product_reference": "tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat10-lib-10.1.54-150200.5.64.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
          "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-lib-10.1.54-150200.5.64.1.noarch"
        },
        "product_reference": "tomcat10-lib-10.1.54-150200.5.64.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
          "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch"
        },
        "product_reference": "tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat10-webapps-10.1.54-150200.5.64.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
          "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-webapps-10.1.54-150200.5.64.1.noarch"
        },
        "product_reference": "tomcat10-webapps-10.1.54-150200.5.64.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat10-10.1.54-150200.5.64.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
          "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-10.1.54-150200.5.64.1.noarch"
        },
        "product_reference": "tomcat10-10.1.54-150200.5.64.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
          "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch"
        },
        "product_reference": "tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
          "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch"
        },
        "product_reference": "tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
          "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch"
        },
        "product_reference": "tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat10-lib-10.1.54-150200.5.64.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
          "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-lib-10.1.54-150200.5.64.1.noarch"
        },
        "product_reference": "tomcat10-lib-10.1.54-150200.5.64.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
          "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch"
        },
        "product_reference": "tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat10-webapps-10.1.54-150200.5.64.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
          "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-webapps-10.1.54-150200.5.64.1.noarch"
        },
        "product_reference": "tomcat10-webapps-10.1.54-150200.5.64.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat10-10.1.54-150200.5.64.1.noarch as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
          "product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-10.1.54-150200.5.64.1.noarch"
        },
        "product_reference": "tomcat10-10.1.54-150200.5.64.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
          "product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch"
        },
        "product_reference": "tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
          "product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch"
        },
        "product_reference": "tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
          "product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch"
        },
        "product_reference": "tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat10-lib-10.1.54-150200.5.64.1.noarch as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
          "product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-lib-10.1.54-150200.5.64.1.noarch"
        },
        "product_reference": "tomcat10-lib-10.1.54-150200.5.64.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
          "product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch"
        },
        "product_reference": "tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat10-webapps-10.1.54-150200.5.64.1.noarch as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
          "product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-webapps-10.1.54-150200.5.64.1.noarch"
        },
        "product_reference": "tomcat10-webapps-10.1.54-150200.5.64.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat10-10.1.54-150200.5.64.1.noarch as component of SUSE Linux Enterprise Server 15 SP6-LTSS",
          "product_id": "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat10-10.1.54-150200.5.64.1.noarch"
        },
        "product_reference": "tomcat10-10.1.54-150200.5.64.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP6-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch as component of SUSE Linux Enterprise Server 15 SP6-LTSS",
          "product_id": "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch"
        },
        "product_reference": "tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP6-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch as component of SUSE Linux Enterprise Server 15 SP6-LTSS",
          "product_id": "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch"
        },
        "product_reference": "tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP6-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch as component of SUSE Linux Enterprise Server 15 SP6-LTSS",
          "product_id": "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch"
        },
        "product_reference": "tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP6-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat10-lib-10.1.54-150200.5.64.1.noarch as component of SUSE Linux Enterprise Server 15 SP6-LTSS",
          "product_id": "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat10-lib-10.1.54-150200.5.64.1.noarch"
        },
        "product_reference": "tomcat10-lib-10.1.54-150200.5.64.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP6-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch as component of SUSE Linux Enterprise Server 15 SP6-LTSS",
          "product_id": "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch"
        },
        "product_reference": "tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP6-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat10-webapps-10.1.54-150200.5.64.1.noarch as component of SUSE Linux Enterprise Server 15 SP6-LTSS",
          "product_id": "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat10-webapps-10.1.54-150200.5.64.1.noarch"
        },
        "product_reference": "tomcat10-webapps-10.1.54-150200.5.64.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP6-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat10-10.1.54-150200.5.64.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP5",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-10.1.54-150200.5.64.1.noarch"
        },
        "product_reference": "tomcat10-10.1.54-150200.5.64.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP5",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch"
        },
        "product_reference": "tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP5",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch"
        },
        "product_reference": "tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP5",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch"
        },
        "product_reference": "tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat10-lib-10.1.54-150200.5.64.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP5",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-lib-10.1.54-150200.5.64.1.noarch"
        },
        "product_reference": "tomcat10-lib-10.1.54-150200.5.64.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP5",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch"
        },
        "product_reference": "tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat10-webapps-10.1.54-150200.5.64.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP5",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-webapps-10.1.54-150200.5.64.1.noarch"
        },
        "product_reference": "tomcat10-webapps-10.1.54-150200.5.64.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat10-10.1.54-150200.5.64.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP6",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat10-10.1.54-150200.5.64.1.noarch"
        },
        "product_reference": "tomcat10-10.1.54-150200.5.64.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP6",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch"
        },
        "product_reference": "tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP6",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch"
        },
        "product_reference": "tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP6",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch"
        },
        "product_reference": "tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat10-lib-10.1.54-150200.5.64.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP6",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat10-lib-10.1.54-150200.5.64.1.noarch"
        },
        "product_reference": "tomcat10-lib-10.1.54-150200.5.64.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP6",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch"
        },
        "product_reference": "tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat10-webapps-10.1.54-150200.5.64.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP6",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat10-webapps-10.1.54-150200.5.64.1.noarch"
        },
        "product_reference": "tomcat10-webapps-10.1.54-150200.5.64.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP6"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2025-66614",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-66614"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Improper Input Validation vulnerability.\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.14, from 10.1.0-M1 through 10.1.49, from 9.0.0-M1 through 9.0.112.\n\nThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.0 through 8.5.100. Older EOL versions are not affected.\nTomcat did not validate that the host name provided via the SNI \nextension was the same as the host name provided in the HTTP host header \nfield. If Tomcat was configured with more than one virtual host and the \nTLS configuration for one of those hosts did not require client \ncertificate authentication but another one did, it was possible for a \nclient to bypass the client certificate authentication by sending \ndifferent host names in the SNI extension and the HTTP host header field.\n\n\n\nThe vulnerability only applies if client certificate authentication is \nonly enforced at the Connector. It does not apply if client certificate \nauthentication is enforced at the web application.\n\n\nUsers are recommended to upgrade to version 11.0.15 or later, 10.1.50 or later or 9.0.113 or later, which fix the issue.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-lib-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-webapps-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-lib-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-webapps-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-lib-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-webapps-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-lib-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-webapps-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat10-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat10-lib-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat10-webapps-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-lib-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-webapps-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat10-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat10-lib-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat10-webapps-10.1.54-150200.5.64.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-66614",
          "url": "https://www.suse.com/security/cve/CVE-2025-66614"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1258371 for CVE-2025-66614",
          "url": "https://bugzilla.suse.com/1258371"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-lib-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-webapps-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-lib-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-webapps-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-lib-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-webapps-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-lib-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-webapps-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat10-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat10-lib-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat10-webapps-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-lib-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-webapps-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat10-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat10-lib-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat10-webapps-10.1.54-150200.5.64.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-lib-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-webapps-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-lib-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-webapps-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-lib-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-webapps-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-lib-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-webapps-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat10-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat10-lib-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat10-webapps-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-lib-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-webapps-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat10-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat10-lib-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat10-webapps-10.1.54-150200.5.64.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-04-24T11:47:20Z",
          "details": "important"
        }
      ],
      "title": "CVE-2025-66614"
    },
    {
      "cve": "CVE-2026-24880",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-24880"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027) vulnerability in Apache Tomcat via invalid chunk extension.\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.18, from 10.1.0-M1 through 10.1.52, from 9.0.0.M1 through 9.0.115, from 8.5.0 through 8.5.100, from 7.0.0 through 7.0.109.\nOther, unsupported versions may also be affected.\n\nUsers are recommended to upgrade to version 11.0.20, 10.1.52 or 9.0.116, which fix the issue.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-lib-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-webapps-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-lib-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-webapps-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-lib-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-webapps-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-lib-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-webapps-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat10-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat10-lib-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat10-webapps-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-lib-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-webapps-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat10-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat10-lib-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat10-webapps-10.1.54-150200.5.64.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-24880",
          "url": "https://www.suse.com/security/cve/CVE-2026-24880"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1261850 for CVE-2026-24880",
          "url": "https://bugzilla.suse.com/1261850"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-lib-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-webapps-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-lib-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-webapps-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-lib-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-webapps-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-lib-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-webapps-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat10-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat10-lib-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat10-webapps-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-lib-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-webapps-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat10-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat10-lib-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat10-webapps-10.1.54-150200.5.64.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.8,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-lib-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-webapps-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-lib-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-webapps-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-lib-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-webapps-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-lib-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-webapps-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat10-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat10-lib-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat10-webapps-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-lib-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-webapps-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat10-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat10-lib-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat10-webapps-10.1.54-150200.5.64.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-04-24T11:47:20Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2026-24880"
    },
    {
      "cve": "CVE-2026-25854",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-25854"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Occasional URL redirection to untrusted Site (\u0027Open Redirect\u0027) vulnerability in Apache Tomcat via the LoadBalancerDrainingValve.\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.18, from 10.1.0-M1 through 10.1.52, from 9.0.0.M23 through 9.0.115, from 8.5.30 through 8.5.100.\nOther, unsupported versions may also be affected\n\nUsers are recommended to upgrade to version 11.0.20, 10.1.53 or 9.0.116, which fix the issue.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-lib-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-webapps-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-lib-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-webapps-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-lib-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-webapps-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-lib-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-webapps-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat10-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat10-lib-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat10-webapps-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-lib-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-webapps-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat10-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat10-lib-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat10-webapps-10.1.54-150200.5.64.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-25854",
          "url": "https://www.suse.com/security/cve/CVE-2026-25854"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1261851 for CVE-2026-25854",
          "url": "https://bugzilla.suse.com/1261851"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-lib-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-webapps-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-lib-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-webapps-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-lib-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-webapps-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-lib-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-webapps-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat10-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat10-lib-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat10-webapps-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-lib-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-webapps-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat10-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat10-lib-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat10-webapps-10.1.54-150200.5.64.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.8,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-lib-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-webapps-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-lib-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-webapps-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-lib-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-webapps-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-lib-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-webapps-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat10-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat10-lib-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat10-webapps-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-lib-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-webapps-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat10-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat10-lib-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat10-webapps-10.1.54-150200.5.64.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-04-24T11:47:20Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2026-25854"
    },
    {
      "cve": "CVE-2026-29129",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-29129"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Configured cipher preference order not preserved vulnerability in Apache Tomcat.\n\nThis issue affects Apache Tomcat: from 11.0.16 through 11.0.18, from 10.1.51 through 10.1.52, from 9.0.114 through 9.0.115.\n\nUsers are recommended to upgrade to version 11.0.20, 10.1.53 or 9.0.116, which fix the issue.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-lib-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-webapps-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-lib-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-webapps-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-lib-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-webapps-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-lib-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-webapps-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat10-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat10-lib-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat10-webapps-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-lib-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-webapps-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat10-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat10-lib-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat10-webapps-10.1.54-150200.5.64.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-29129",
          "url": "https://www.suse.com/security/cve/CVE-2026-29129"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1261852 for CVE-2026-29129",
          "url": "https://bugzilla.suse.com/1261852"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-lib-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-webapps-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-lib-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-webapps-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-lib-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-webapps-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-lib-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-webapps-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat10-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat10-lib-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat10-webapps-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-lib-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-webapps-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat10-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat10-lib-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat10-webapps-10.1.54-150200.5.64.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.8,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-lib-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-webapps-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-lib-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-webapps-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-lib-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-webapps-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-lib-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-webapps-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat10-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat10-lib-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat10-webapps-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-lib-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-webapps-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat10-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat10-lib-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat10-webapps-10.1.54-150200.5.64.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-04-24T11:47:20Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2026-29129"
    },
    {
      "cve": "CVE-2026-29145",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-29145"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "CLIENT_CERT authentication does not fail as expected for some scenarios when soft fail is disabled vulnerability in Apache Tomcat, Apache Tomcat Native.\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.18, from 10.1.0-M7 through 10.1.52, from 9.0.83 through 9.0.115; Apache Tomcat Native: from 1.1.23 through 1.1.34, from 1.2.0 through 1.2.39, from 1.3.0 through 1.3.6, from 2.0.0 through 2.0.13.\n\nUsers are recommended to upgrade to version Tomcat Native 1.3.7 or 2.0.14 and Tomcat 11.0.20, 10.1.53 and 9.0.116, which fix the issue.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-lib-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-webapps-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-lib-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-webapps-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-lib-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-webapps-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-lib-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-webapps-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat10-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat10-lib-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat10-webapps-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-lib-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-webapps-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat10-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat10-lib-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat10-webapps-10.1.54-150200.5.64.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-29145",
          "url": "https://www.suse.com/security/cve/CVE-2026-29145"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1261853 for CVE-2026-29145",
          "url": "https://bugzilla.suse.com/1261853"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-lib-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-webapps-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-lib-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-webapps-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-lib-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-webapps-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-lib-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-webapps-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat10-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat10-lib-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat10-webapps-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-lib-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-webapps-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat10-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat10-lib-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat10-webapps-10.1.54-150200.5.64.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.8,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-lib-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-webapps-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-lib-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-webapps-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-lib-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-webapps-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-lib-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-webapps-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat10-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat10-lib-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat10-webapps-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-lib-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-webapps-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat10-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat10-lib-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat10-webapps-10.1.54-150200.5.64.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-04-24T11:47:20Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2026-29145"
    },
    {
      "cve": "CVE-2026-29146",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-29146"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Padding Oracle vulnerability in Apache Tomcat\u0027s EncryptInterceptor with default configuration.\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.18, from 10.0.0-M1 through 10.1.52, from 9.0.13 through 9..115, from 8.5.38 through 8.5.100, from 7.0.100 through 7.0.109.\n\nUsers are recommended to upgrade to version 11.0.19, 10.1.53 and 9.0.116, which fixes the issue.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-lib-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-webapps-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-lib-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-webapps-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-lib-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-webapps-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-lib-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-webapps-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat10-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat10-lib-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat10-webapps-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-lib-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-webapps-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat10-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat10-lib-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat10-webapps-10.1.54-150200.5.64.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-29146",
          "url": "https://www.suse.com/security/cve/CVE-2026-29146"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1261854 for CVE-2026-29146",
          "url": "https://bugzilla.suse.com/1261854"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-lib-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-webapps-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-lib-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-webapps-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-lib-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-webapps-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-lib-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-webapps-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat10-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat10-lib-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat10-webapps-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-lib-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-webapps-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat10-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat10-lib-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat10-webapps-10.1.54-150200.5.64.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-lib-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-webapps-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-lib-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-webapps-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-lib-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-webapps-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-lib-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-webapps-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat10-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat10-lib-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat10-webapps-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-lib-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-webapps-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat10-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat10-lib-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat10-webapps-10.1.54-150200.5.64.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-04-24T11:47:20Z",
          "details": "important"
        }
      ],
      "title": "CVE-2026-29146"
    },
    {
      "cve": "CVE-2026-32990",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-32990"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Improper Input Validation vulnerability in Apache Tomcat due to an incomplete fix of CVE-2025-66614.\n\nThis issue affects Apache Tomcat: from 11.0.15 through 11.0.19, from 10.1.50 through 10.1.52, from 9.0.113 through 9.0.115.\n\nUsers are recommended to upgrade to version 11.0.20, 10.1.53 or 9.0.116, which fix the issue.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-lib-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-webapps-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-lib-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-webapps-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-lib-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-webapps-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-lib-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-webapps-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat10-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat10-lib-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat10-webapps-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-lib-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-webapps-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat10-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat10-lib-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat10-webapps-10.1.54-150200.5.64.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-32990",
          "url": "https://www.suse.com/security/cve/CVE-2026-32990"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1258371 for CVE-2026-32990",
          "url": "https://bugzilla.suse.com/1258371"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-lib-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-webapps-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-lib-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-webapps-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-lib-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-webapps-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-lib-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-webapps-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat10-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat10-lib-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat10-webapps-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-lib-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-webapps-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat10-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat10-lib-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat10-webapps-10.1.54-150200.5.64.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-04-24T11:47:20Z",
          "details": "important"
        }
      ],
      "title": "CVE-2026-32990"
    },
    {
      "cve": "CVE-2026-34483",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-34483"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Improper Encoding or Escaping of Output vulnerability in the JsonAccessLogValve component of Apache Tomcat.\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.20, from 10.1.0-M1 through 10.1.53, from 9.0.40 through 9.0.116.\n\nUsers are recommended to upgrade to version 11.0.21, 10.1.54 or 9.0.117 , which fix the issue.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-lib-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-webapps-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-lib-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-webapps-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-lib-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-webapps-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-lib-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-webapps-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat10-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat10-lib-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat10-webapps-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-lib-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-webapps-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat10-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat10-lib-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat10-webapps-10.1.54-150200.5.64.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-34483",
          "url": "https://www.suse.com/security/cve/CVE-2026-34483"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1261855 for CVE-2026-34483",
          "url": "https://bugzilla.suse.com/1261855"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-lib-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-webapps-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-lib-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-webapps-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-lib-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-webapps-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-lib-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-webapps-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat10-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat10-lib-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat10-webapps-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-lib-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-webapps-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat10-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat10-lib-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat10-webapps-10.1.54-150200.5.64.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.8,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-lib-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-webapps-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-lib-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-webapps-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-lib-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-webapps-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-lib-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-webapps-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat10-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat10-lib-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat10-webapps-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-lib-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-webapps-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat10-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat10-lib-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat10-webapps-10.1.54-150200.5.64.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-04-24T11:47:20Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2026-34483"
    },
    {
      "cve": "CVE-2026-34486",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-34486"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Missing Encryption of Sensitive Data vulnerability in Apache Tomcat due to the  fix for CVE-2026-29146 allowing the bypass of the EncryptInterceptor.\n\nThis issue affects Apache Tomcat: 11.0.20, 10.1.53, 9.0.116.\n\nUsers are recommended to upgrade to version 11.0.21, 10.1.54 or 9.0.117, which fix the issue.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-lib-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-webapps-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-lib-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-webapps-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-lib-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-webapps-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-lib-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-webapps-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat10-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat10-lib-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat10-webapps-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-lib-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-webapps-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat10-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat10-lib-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat10-webapps-10.1.54-150200.5.64.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-34486",
          "url": "https://www.suse.com/security/cve/CVE-2026-34486"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1261854 for CVE-2026-34486",
          "url": "https://bugzilla.suse.com/1261854"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-lib-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-webapps-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-lib-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-webapps-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-lib-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-webapps-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-lib-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-webapps-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat10-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat10-lib-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat10-webapps-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-lib-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-webapps-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat10-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat10-lib-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat10-webapps-10.1.54-150200.5.64.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-lib-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-webapps-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-lib-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-webapps-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-lib-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-webapps-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-lib-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-webapps-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat10-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat10-lib-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat10-webapps-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-lib-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-webapps-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat10-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat10-lib-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat10-webapps-10.1.54-150200.5.64.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-04-24T11:47:20Z",
          "details": "important"
        }
      ],
      "title": "CVE-2026-34486"
    },
    {
      "cve": "CVE-2026-34487",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-34487"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Insertion of Sensitive Information into Log File vulnerability in the cloud membership for clustering component of Apache Tomcat exposed the Kubernetes bearer token.\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.20, from 10.1.0-M1 through 10.1.53, from 9.0.13 through 9.0.116.\n\nUsers are recommended to upgrade to version 11.0.21, 10.1.54 or 9.0.117, which fix the issue.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-lib-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-webapps-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-lib-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-webapps-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-lib-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-webapps-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-lib-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-webapps-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat10-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat10-lib-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat10-webapps-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-lib-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-webapps-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat10-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat10-lib-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat10-webapps-10.1.54-150200.5.64.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-34487",
          "url": "https://www.suse.com/security/cve/CVE-2026-34487"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1261856 for CVE-2026-34487",
          "url": "https://bugzilla.suse.com/1261856"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-lib-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-webapps-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-lib-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-webapps-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-lib-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-webapps-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-lib-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-webapps-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat10-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat10-lib-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat10-webapps-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-lib-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-webapps-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat10-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat10-lib-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat10-webapps-10.1.54-150200.5.64.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-lib-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-webapps-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-lib-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-webapps-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-lib-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-webapps-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-lib-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-webapps-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat10-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat10-lib-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat10-webapps-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-lib-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-webapps-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat10-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat10-lib-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat10-webapps-10.1.54-150200.5.64.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-04-24T11:47:20Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2026-34487"
    },
    {
      "cve": "CVE-2026-34500",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-34500"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "CLIENT_CERT authentication does not fail as expected for some scenarios when soft fail is disabled and FFM is used in Apache Tomcat.\n\nThis issue affects Apache Tomcat: from 11.0.0-M14 through 11.0.20, from 10.1.22 through 10.1.53, from 9.0.92 through 9.0.116.\n\nUsers are recommended to upgrade to version 11.0.21, 10.1.54 or 9.0.117, which fixes the issue.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-lib-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-webapps-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-lib-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-webapps-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-lib-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-webapps-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-lib-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-webapps-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat10-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat10-lib-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat10-webapps-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-lib-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-webapps-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat10-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat10-lib-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat10-webapps-10.1.54-150200.5.64.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-34500",
          "url": "https://www.suse.com/security/cve/CVE-2026-34500"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1261857 for CVE-2026-34500",
          "url": "https://bugzilla.suse.com/1261857"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-lib-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-webapps-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-lib-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-webapps-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-lib-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-webapps-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-lib-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-webapps-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat10-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat10-lib-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat10-webapps-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-lib-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-webapps-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat10-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat10-lib-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat10-webapps-10.1.54-150200.5.64.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.8,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-lib-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat10-webapps-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-lib-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat10-webapps-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-lib-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat10-webapps-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-lib-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat10-webapps-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat10-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat10-lib-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat10-webapps-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-lib-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat10-webapps-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat10-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat10-admin-webapps-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat10-el-5_0-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat10-jsp-3_1-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat10-lib-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat10-servlet-6_0-api-10.1.54-150200.5.64.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat10-webapps-10.1.54-150200.5.64.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-04-24T11:47:20Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2026-34500"
    }
  ]
}

SUSE-SU-2026:1604-1

Vulnerability from csaf_suse - Published: 2026-04-24 11:48 - Updated: 2026-04-24 11:48

Summary

Security update for tomcat

Severity

Important

Notes

Title of the patch: Security update for tomcat

Patchnames: SUSE-2026-1604,SUSE-SLE-Module-Web-Scripting-15-SP7-2026-1604,SUSE-SLE-Product-HPC-15-SP4-ESPOS-2026-1604,SUSE-SLE-Product-HPC-15-SP4-LTSS-2026-1604,SUSE-SLE-Product-HPC-15-SP5-ESPOS-2026-1604,SUSE-SLE-Product-HPC-15-SP5-LTSS-2026-1604,SUSE-SLE-Product-SLES-15-SP4-LTSS-2026-1604,SUSE-SLE-Product-SLES-15-SP5-LTSS-2026-1604,SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-1604,SUSE-SLE-Product-SLES_SAP-15-SP4-2026-1604,SUSE-SLE-Product-SLES_SAP-15-SP5-2026-1604,SUSE-SLE-Product-SLES_SAP-15-SP6-2026-1604

CVE-2025-66614

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Affected products

Recommended 77 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-admin-webapps-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-lib-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-webapps-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-admin-webapps-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-lib-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-webapps-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-admin-webapps-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-lib-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-webapps-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-admin-webapps-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-lib-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-webapps-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-admin-webapps-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-lib-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-webapps-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-admin-webapps-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-lib-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-webapps-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-admin-webapps-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-lib-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-webapps-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat-admin-webapps-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat-lib-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat-webapps-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-admin-webapps-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-lib-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-webapps-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-admin-webapps-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-lib-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-webapps-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat-admin-webapps-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat-lib-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat-webapps-9.0.117-150200.105.1.noarch	—	Vendor Fix

Threats

Impact important

CVE-2026-24880

4.8 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

Affected products

Recommended 77 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-admin-webapps-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-lib-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-webapps-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-admin-webapps-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-lib-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-webapps-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-admin-webapps-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-lib-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-webapps-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-admin-webapps-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-lib-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-webapps-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-admin-webapps-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-lib-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-webapps-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-admin-webapps-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-lib-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-webapps-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-admin-webapps-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-lib-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-webapps-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat-admin-webapps-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat-lib-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat-webapps-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-admin-webapps-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-lib-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-webapps-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-admin-webapps-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-lib-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-webapps-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat-admin-webapps-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat-lib-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat-webapps-9.0.117-150200.105.1.noarch	—	Vendor Fix

Threats

Impact moderate

CVE-2026-25854

4.8 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

Affected products

Recommended 77 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-admin-webapps-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-lib-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-webapps-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-admin-webapps-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-lib-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-webapps-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-admin-webapps-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-lib-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-webapps-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-admin-webapps-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-lib-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-webapps-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-admin-webapps-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-lib-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-webapps-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-admin-webapps-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-lib-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-webapps-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-admin-webapps-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-lib-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-webapps-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat-admin-webapps-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat-lib-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat-webapps-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-admin-webapps-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-lib-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-webapps-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-admin-webapps-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-lib-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-webapps-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat-admin-webapps-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat-lib-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat-webapps-9.0.117-150200.105.1.noarch	—	Vendor Fix

Threats

Impact moderate

CVE-2026-29129

4.8 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

Affected products

Recommended 77 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-admin-webapps-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-lib-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-webapps-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-admin-webapps-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-lib-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-webapps-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-admin-webapps-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-lib-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-webapps-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-admin-webapps-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-lib-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-webapps-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-admin-webapps-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-lib-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-webapps-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-admin-webapps-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-lib-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-webapps-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-admin-webapps-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-lib-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-webapps-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat-admin-webapps-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat-lib-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat-webapps-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-admin-webapps-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-lib-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-webapps-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-admin-webapps-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-lib-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-webapps-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat-admin-webapps-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat-lib-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat-webapps-9.0.117-150200.105.1.noarch	—	Vendor Fix

Threats

Impact moderate

CVE-2026-29145

4.8 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

Affected products

Recommended 77 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-admin-webapps-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-lib-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-webapps-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-admin-webapps-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-lib-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-webapps-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-admin-webapps-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-lib-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-webapps-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-admin-webapps-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-lib-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-webapps-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-admin-webapps-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-lib-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-webapps-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-admin-webapps-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-lib-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-webapps-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-admin-webapps-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-lib-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-webapps-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat-admin-webapps-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat-lib-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat-webapps-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-admin-webapps-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-lib-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-webapps-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-admin-webapps-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-lib-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-webapps-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat-admin-webapps-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat-lib-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat-webapps-9.0.117-150200.105.1.noarch	—	Vendor Fix

Threats

Impact moderate

CVE-2026-29146

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Affected products

Recommended 77 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-admin-webapps-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-lib-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-webapps-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-admin-webapps-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-lib-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-webapps-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-admin-webapps-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-lib-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-webapps-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-admin-webapps-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-lib-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-webapps-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-admin-webapps-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-lib-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-webapps-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-admin-webapps-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-lib-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-webapps-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-admin-webapps-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-lib-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-webapps-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat-admin-webapps-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat-lib-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat-webapps-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-admin-webapps-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-lib-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-webapps-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-admin-webapps-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-lib-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-webapps-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat-admin-webapps-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat-lib-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat-webapps-9.0.117-150200.105.1.noarch	—	Vendor Fix

Threats

Impact important

CVE-2026-32990

Affected products

Recommended 77 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-admin-webapps-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-lib-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-webapps-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-admin-webapps-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-lib-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-webapps-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-admin-webapps-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-lib-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-webapps-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-admin-webapps-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-lib-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-webapps-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-admin-webapps-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-lib-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-webapps-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-admin-webapps-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-lib-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-webapps-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-admin-webapps-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-lib-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-webapps-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat-admin-webapps-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat-lib-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat-webapps-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-admin-webapps-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-lib-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-webapps-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-admin-webapps-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-lib-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-webapps-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat-admin-webapps-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat-lib-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat-webapps-9.0.117-150200.105.1.noarch	—	Vendor Fix

Threats

Impact important

CVE-2026-34483

4.8 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

Affected products

Recommended 77 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-admin-webapps-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-lib-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-webapps-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-admin-webapps-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-lib-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-webapps-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-admin-webapps-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-lib-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-webapps-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-admin-webapps-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-lib-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-webapps-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-admin-webapps-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-lib-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-webapps-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-admin-webapps-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-lib-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-webapps-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-admin-webapps-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-lib-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-webapps-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat-admin-webapps-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat-lib-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat-webapps-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-admin-webapps-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-lib-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-webapps-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-admin-webapps-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-lib-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-webapps-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat-admin-webapps-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat-lib-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat-webapps-9.0.117-150200.105.1.noarch	—	Vendor Fix

Threats

Impact moderate

CVE-2026-34486

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Affected products

Recommended 77 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-admin-webapps-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-lib-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-webapps-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-admin-webapps-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-lib-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-webapps-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-admin-webapps-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-lib-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-webapps-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-admin-webapps-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-lib-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-webapps-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-admin-webapps-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-lib-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-webapps-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-admin-webapps-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-lib-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-webapps-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-admin-webapps-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-lib-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-webapps-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat-admin-webapps-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat-lib-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat-webapps-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-admin-webapps-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-lib-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-webapps-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-admin-webapps-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-lib-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-webapps-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat-admin-webapps-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat-lib-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat-webapps-9.0.117-150200.105.1.noarch	—	Vendor Fix

Threats

Impact important

CVE-2026-34487

5.9 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Affected products

Recommended 77 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-admin-webapps-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-lib-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-webapps-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-admin-webapps-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-lib-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-webapps-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-admin-webapps-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-lib-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-webapps-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-admin-webapps-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-lib-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-webapps-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-admin-webapps-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-lib-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-webapps-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-admin-webapps-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-lib-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-webapps-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-admin-webapps-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-lib-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-webapps-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat-admin-webapps-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat-lib-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat-webapps-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-admin-webapps-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-lib-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-webapps-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-admin-webapps-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-lib-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-webapps-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat-admin-webapps-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat-lib-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat-webapps-9.0.117-150200.105.1.noarch	—	Vendor Fix

Threats

Impact moderate

CVE-2026-34500

4.8 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

Affected products

Recommended 77 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-admin-webapps-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-lib-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-webapps-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-admin-webapps-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-lib-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-webapps-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-admin-webapps-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-lib-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-webapps-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-admin-webapps-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-lib-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-webapps-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-admin-webapps-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-lib-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-webapps-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-admin-webapps-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-lib-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-webapps-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-admin-webapps-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-lib-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-webapps-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat-admin-webapps-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat-lib-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat-webapps-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-admin-webapps-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-lib-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-webapps-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-admin-webapps-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-lib-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-webapps-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat-admin-webapps-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat-lib-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat-webapps-9.0.117-150200.105.1.noarch	—	Vendor Fix

Threats

Impact moderate

References

46 references

URL	Category
https://www.suse.com/support/security/rating/	external
https://ftp.suse.com/pub/projects/security/csaf/s…	self
https://www.suse.com/support/update/announcement/…	self
https://lists.suse.com/pipermail/sle-updates/2026…	self
https://bugzilla.suse.com/1258371	self
https://bugzilla.suse.com/1261850	self
https://bugzilla.suse.com/1261851	self
https://bugzilla.suse.com/1261852	self
https://bugzilla.suse.com/1261853	self
https://bugzilla.suse.com/1261854	self
https://bugzilla.suse.com/1261855	self
https://bugzilla.suse.com/1261856	self
https://bugzilla.suse.com/1261857	self
https://www.suse.com/security/cve/CVE-2025-66614/	self
https://www.suse.com/security/cve/CVE-2026-24880/	self
https://www.suse.com/security/cve/CVE-2026-25854/	self
https://www.suse.com/security/cve/CVE-2026-29129/	self
https://www.suse.com/security/cve/CVE-2026-29145/	self
https://www.suse.com/security/cve/CVE-2026-29146/	self
https://www.suse.com/security/cve/CVE-2026-32990/	self
https://www.suse.com/security/cve/CVE-2026-34483/	self
https://www.suse.com/security/cve/CVE-2026-34486/	self
https://www.suse.com/security/cve/CVE-2026-34487/	self
https://www.suse.com/security/cve/CVE-2026-34500/	self
https://www.suse.com/security/cve/CVE-2025-66614	external
https://bugzilla.suse.com/1258371	external
https://www.suse.com/security/cve/CVE-2026-24880	external
https://bugzilla.suse.com/1261850	external
https://www.suse.com/security/cve/CVE-2026-25854	external
https://bugzilla.suse.com/1261851	external
https://www.suse.com/security/cve/CVE-2026-29129	external
https://bugzilla.suse.com/1261852	external
https://www.suse.com/security/cve/CVE-2026-29145	external
https://bugzilla.suse.com/1261853	external
https://www.suse.com/security/cve/CVE-2026-29146	external
https://bugzilla.suse.com/1261854	external
https://www.suse.com/security/cve/CVE-2026-32990	external
https://bugzilla.suse.com/1258371	external
https://www.suse.com/security/cve/CVE-2026-34483	external
https://bugzilla.suse.com/1261855	external
https://www.suse.com/security/cve/CVE-2026-34486	external
https://bugzilla.suse.com/1261854	external
https://www.suse.com/security/cve/CVE-2026-34487	external
https://bugzilla.suse.com/1261856	external
https://www.suse.com/security/cve/CVE-2026-34500	external
https://bugzilla.suse.com/1261857	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for tomcat",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "This update for tomcat fixes the following issues:\n\nSecurity fixes:\n\n- CVE-2026-24880: Request smuggling via invalid chunk extension (bsc#1261850).\n- CVE-2026-25854: Occasionally open redirect (bsc#1261851).\n- CVE-2026-29129: TLS cipher order is not preserved (bsc#1261852).\n- CVE-2026-29145: OCSP checks sometimes soft-fail even when soft-fail is disabled (bsc#1261853).\n- CVE-2026-29146,CVE-2026-34486: Fix for allowed bypass of EncryptInterceptor (bsc#1261854).\n- CVE-2026-34483: Incomplete escaping of JSON access logs (bsc#1261855).  \n- CVE-2026-34487: Cloud membership for clustering component exposed the Kubernetes bearer token (bsc#1261856).\n- CVE-2026-34500: OCSP checks sometimes soft-fail with FFM even when soft-fail is disabled (bsc#1261857).\n- CVE-2026-32990: The fix for CVE-2025-66614 was incomplete, so this CVE completes it (bsc#1258371).\n\nOther fixes:\n\n- Update to Tomcat 9.0.117\n",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "SUSE-2026-1604,SUSE-SLE-Module-Web-Scripting-15-SP7-2026-1604,SUSE-SLE-Product-HPC-15-SP4-ESPOS-2026-1604,SUSE-SLE-Product-HPC-15-SP4-LTSS-2026-1604,SUSE-SLE-Product-HPC-15-SP5-ESPOS-2026-1604,SUSE-SLE-Product-HPC-15-SP5-LTSS-2026-1604,SUSE-SLE-Product-SLES-15-SP4-LTSS-2026-1604,SUSE-SLE-Product-SLES-15-SP5-LTSS-2026-1604,SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-1604,SUSE-SLE-Product-SLES_SAP-15-SP4-2026-1604,SUSE-SLE-Product-SLES_SAP-15-SP5-2026-1604,SUSE-SLE-Product-SLES_SAP-15-SP6-2026-1604",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_1604-1.json"
      },
      {
        "category": "self",
        "summary": "URL for SUSE-SU-2026:1604-1",
        "url": "https://www.suse.com/support/update/announcement/2026/suse-su-20261604-1/"
      },
      {
        "category": "self",
        "summary": "E-Mail link for SUSE-SU-2026:1604-1",
        "url": "https://lists.suse.com/pipermail/sle-updates/2026-April/045936.html"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1258371",
        "url": "https://bugzilla.suse.com/1258371"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1261850",
        "url": "https://bugzilla.suse.com/1261850"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1261851",
        "url": "https://bugzilla.suse.com/1261851"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1261852",
        "url": "https://bugzilla.suse.com/1261852"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1261853",
        "url": "https://bugzilla.suse.com/1261853"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1261854",
        "url": "https://bugzilla.suse.com/1261854"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1261855",
        "url": "https://bugzilla.suse.com/1261855"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1261856",
        "url": "https://bugzilla.suse.com/1261856"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1261857",
        "url": "https://bugzilla.suse.com/1261857"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-66614 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-66614/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-24880 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-24880/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-25854 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-25854/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-29129 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-29129/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-29145 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-29145/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-29146 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-29146/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-32990 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-32990/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-34483 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-34483/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-34486 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-34486/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-34487 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-34487/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-34500 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-34500/"
      }
    ],
    "title": "Security update for tomcat",
    "tracking": {
      "current_release_date": "2026-04-24T11:48:42Z",
      "generator": {
        "date": "2026-04-24T11:48:42Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "SUSE-SU-2026:1604-1",
      "initial_release_date": "2026-04-24T11:48:42Z",
      "revision_history": [
        {
          "date": "2026-04-24T11:48:42Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "tomcat-9.0.117-150200.105.1.noarch",
                "product": {
                  "name": "tomcat-9.0.117-150200.105.1.noarch",
                  "product_id": "tomcat-9.0.117-150200.105.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
                "product": {
                  "name": "tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
                  "product_id": "tomcat-admin-webapps-9.0.117-150200.105.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "tomcat-docs-webapp-9.0.117-150200.105.1.noarch",
                "product": {
                  "name": "tomcat-docs-webapp-9.0.117-150200.105.1.noarch",
                  "product_id": "tomcat-docs-webapp-9.0.117-150200.105.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
                "product": {
                  "name": "tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
                  "product_id": "tomcat-el-3_0-api-9.0.117-150200.105.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "tomcat-embed-9.0.117-150200.105.1.noarch",
                "product": {
                  "name": "tomcat-embed-9.0.117-150200.105.1.noarch",
                  "product_id": "tomcat-embed-9.0.117-150200.105.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "tomcat-javadoc-9.0.117-150200.105.1.noarch",
                "product": {
                  "name": "tomcat-javadoc-9.0.117-150200.105.1.noarch",
                  "product_id": "tomcat-javadoc-9.0.117-150200.105.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
                "product": {
                  "name": "tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
                  "product_id": "tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "tomcat-jsvc-9.0.117-150200.105.1.noarch",
                "product": {
                  "name": "tomcat-jsvc-9.0.117-150200.105.1.noarch",
                  "product_id": "tomcat-jsvc-9.0.117-150200.105.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "tomcat-lib-9.0.117-150200.105.1.noarch",
                "product": {
                  "name": "tomcat-lib-9.0.117-150200.105.1.noarch",
                  "product_id": "tomcat-lib-9.0.117-150200.105.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
                "product": {
                  "name": "tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
                  "product_id": "tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "tomcat-webapps-9.0.117-150200.105.1.noarch",
                "product": {
                  "name": "tomcat-webapps-9.0.117-150200.105.1.noarch",
                  "product_id": "tomcat-webapps-9.0.117-150200.105.1.noarch"
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Module for Web and Scripting 15 SP7",
                "product": {
                  "name": "SUSE Linux Enterprise Module for Web and Scripting 15 SP7",
                  "product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP7",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sle-module-web-scripting:15:sp7"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
                "product": {
                  "name": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
                  "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sle_hpc-espos:15:sp4"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
                "product": {
                  "name": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
                  "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sle_hpc-ltss:15:sp4"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
                "product": {
                  "name": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
                  "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sle_hpc-espos:15:sp5"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
                "product": {
                  "name": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
                  "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sle_hpc-ltss:15:sp5"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server 15 SP4-LTSS",
                "product": {
                  "name": "SUSE Linux Enterprise Server 15 SP4-LTSS",
                  "product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sles-ltss:15:sp4"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server 15 SP5-LTSS",
                "product": {
                  "name": "SUSE Linux Enterprise Server 15 SP5-LTSS",
                  "product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sles-ltss:15:sp5"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server 15 SP6-LTSS",
                "product": {
                  "name": "SUSE Linux Enterprise Server 15 SP6-LTSS",
                  "product_id": "SUSE Linux Enterprise Server 15 SP6-LTSS",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sles-ltss:15:sp6"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server for SAP Applications 15 SP4",
                "product": {
                  "name": "SUSE Linux Enterprise Server for SAP Applications 15 SP4",
                  "product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sles_sap:15:sp4"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server for SAP Applications 15 SP5",
                "product": {
                  "name": "SUSE Linux Enterprise Server for SAP Applications 15 SP5",
                  "product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sles_sap:15:sp5"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server for SAP Applications 15 SP6",
                "product": {
                  "name": "SUSE Linux Enterprise Server for SAP Applications 15 SP6",
                  "product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP6",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sles_sap:15:sp6"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat-9.0.117-150200.105.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP7",
          "product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-9.0.117-150200.105.1.noarch"
        },
        "product_reference": "tomcat-9.0.117-150200.105.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat-admin-webapps-9.0.117-150200.105.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP7",
          "product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-admin-webapps-9.0.117-150200.105.1.noarch"
        },
        "product_reference": "tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat-el-3_0-api-9.0.117-150200.105.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP7",
          "product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch"
        },
        "product_reference": "tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP7",
          "product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch"
        },
        "product_reference": "tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat-lib-9.0.117-150200.105.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP7",
          "product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-lib-9.0.117-150200.105.1.noarch"
        },
        "product_reference": "tomcat-lib-9.0.117-150200.105.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP7",
          "product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch"
        },
        "product_reference": "tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat-webapps-9.0.117-150200.105.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP7",
          "product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-webapps-9.0.117-150200.105.1.noarch"
        },
        "product_reference": "tomcat-webapps-9.0.117-150200.105.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat-9.0.117-150200.105.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
          "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-9.0.117-150200.105.1.noarch"
        },
        "product_reference": "tomcat-9.0.117-150200.105.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat-admin-webapps-9.0.117-150200.105.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
          "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-admin-webapps-9.0.117-150200.105.1.noarch"
        },
        "product_reference": "tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat-el-3_0-api-9.0.117-150200.105.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
          "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch"
        },
        "product_reference": "tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
          "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch"
        },
        "product_reference": "tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat-lib-9.0.117-150200.105.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
          "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-lib-9.0.117-150200.105.1.noarch"
        },
        "product_reference": "tomcat-lib-9.0.117-150200.105.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
          "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch"
        },
        "product_reference": "tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat-webapps-9.0.117-150200.105.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
          "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-webapps-9.0.117-150200.105.1.noarch"
        },
        "product_reference": "tomcat-webapps-9.0.117-150200.105.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat-9.0.117-150200.105.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
          "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-9.0.117-150200.105.1.noarch"
        },
        "product_reference": "tomcat-9.0.117-150200.105.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat-admin-webapps-9.0.117-150200.105.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
          "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-admin-webapps-9.0.117-150200.105.1.noarch"
        },
        "product_reference": "tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat-el-3_0-api-9.0.117-150200.105.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
          "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch"
        },
        "product_reference": "tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
          "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch"
        },
        "product_reference": "tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat-lib-9.0.117-150200.105.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
          "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-lib-9.0.117-150200.105.1.noarch"
        },
        "product_reference": "tomcat-lib-9.0.117-150200.105.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
          "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch"
        },
        "product_reference": "tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat-webapps-9.0.117-150200.105.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
          "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-webapps-9.0.117-150200.105.1.noarch"
        },
        "product_reference": "tomcat-webapps-9.0.117-150200.105.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat-9.0.117-150200.105.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
          "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-9.0.117-150200.105.1.noarch"
        },
        "product_reference": "tomcat-9.0.117-150200.105.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat-admin-webapps-9.0.117-150200.105.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
          "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-admin-webapps-9.0.117-150200.105.1.noarch"
        },
        "product_reference": "tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat-el-3_0-api-9.0.117-150200.105.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
          "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch"
        },
        "product_reference": "tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
          "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch"
        },
        "product_reference": "tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat-lib-9.0.117-150200.105.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
          "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-lib-9.0.117-150200.105.1.noarch"
        },
        "product_reference": "tomcat-lib-9.0.117-150200.105.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
          "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch"
        },
        "product_reference": "tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat-webapps-9.0.117-150200.105.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
          "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-webapps-9.0.117-150200.105.1.noarch"
        },
        "product_reference": "tomcat-webapps-9.0.117-150200.105.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat-9.0.117-150200.105.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
          "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-9.0.117-150200.105.1.noarch"
        },
        "product_reference": "tomcat-9.0.117-150200.105.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat-admin-webapps-9.0.117-150200.105.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
          "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-admin-webapps-9.0.117-150200.105.1.noarch"
        },
        "product_reference": "tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat-el-3_0-api-9.0.117-150200.105.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
          "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch"
        },
        "product_reference": "tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
          "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch"
        },
        "product_reference": "tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat-lib-9.0.117-150200.105.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
          "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-lib-9.0.117-150200.105.1.noarch"
        },
        "product_reference": "tomcat-lib-9.0.117-150200.105.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
          "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch"
        },
        "product_reference": "tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat-webapps-9.0.117-150200.105.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
          "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-webapps-9.0.117-150200.105.1.noarch"
        },
        "product_reference": "tomcat-webapps-9.0.117-150200.105.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat-9.0.117-150200.105.1.noarch as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
          "product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-9.0.117-150200.105.1.noarch"
        },
        "product_reference": "tomcat-9.0.117-150200.105.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat-admin-webapps-9.0.117-150200.105.1.noarch as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
          "product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-admin-webapps-9.0.117-150200.105.1.noarch"
        },
        "product_reference": "tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat-el-3_0-api-9.0.117-150200.105.1.noarch as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
          "product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch"
        },
        "product_reference": "tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
          "product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch"
        },
        "product_reference": "tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat-lib-9.0.117-150200.105.1.noarch as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
          "product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-lib-9.0.117-150200.105.1.noarch"
        },
        "product_reference": "tomcat-lib-9.0.117-150200.105.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
          "product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch"
        },
        "product_reference": "tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat-webapps-9.0.117-150200.105.1.noarch as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
          "product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-webapps-9.0.117-150200.105.1.noarch"
        },
        "product_reference": "tomcat-webapps-9.0.117-150200.105.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat-9.0.117-150200.105.1.noarch as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
          "product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-9.0.117-150200.105.1.noarch"
        },
        "product_reference": "tomcat-9.0.117-150200.105.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat-admin-webapps-9.0.117-150200.105.1.noarch as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
          "product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-admin-webapps-9.0.117-150200.105.1.noarch"
        },
        "product_reference": "tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat-el-3_0-api-9.0.117-150200.105.1.noarch as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
          "product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch"
        },
        "product_reference": "tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
          "product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch"
        },
        "product_reference": "tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat-lib-9.0.117-150200.105.1.noarch as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
          "product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-lib-9.0.117-150200.105.1.noarch"
        },
        "product_reference": "tomcat-lib-9.0.117-150200.105.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
          "product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch"
        },
        "product_reference": "tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat-webapps-9.0.117-150200.105.1.noarch as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
          "product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-webapps-9.0.117-150200.105.1.noarch"
        },
        "product_reference": "tomcat-webapps-9.0.117-150200.105.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat-9.0.117-150200.105.1.noarch as component of SUSE Linux Enterprise Server 15 SP6-LTSS",
          "product_id": "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat-9.0.117-150200.105.1.noarch"
        },
        "product_reference": "tomcat-9.0.117-150200.105.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP6-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat-admin-webapps-9.0.117-150200.105.1.noarch as component of SUSE Linux Enterprise Server 15 SP6-LTSS",
          "product_id": "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat-admin-webapps-9.0.117-150200.105.1.noarch"
        },
        "product_reference": "tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP6-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat-el-3_0-api-9.0.117-150200.105.1.noarch as component of SUSE Linux Enterprise Server 15 SP6-LTSS",
          "product_id": "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch"
        },
        "product_reference": "tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP6-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch as component of SUSE Linux Enterprise Server 15 SP6-LTSS",
          "product_id": "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch"
        },
        "product_reference": "tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP6-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat-lib-9.0.117-150200.105.1.noarch as component of SUSE Linux Enterprise Server 15 SP6-LTSS",
          "product_id": "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat-lib-9.0.117-150200.105.1.noarch"
        },
        "product_reference": "tomcat-lib-9.0.117-150200.105.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP6-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch as component of SUSE Linux Enterprise Server 15 SP6-LTSS",
          "product_id": "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch"
        },
        "product_reference": "tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP6-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat-webapps-9.0.117-150200.105.1.noarch as component of SUSE Linux Enterprise Server 15 SP6-LTSS",
          "product_id": "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat-webapps-9.0.117-150200.105.1.noarch"
        },
        "product_reference": "tomcat-webapps-9.0.117-150200.105.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP6-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat-9.0.117-150200.105.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-9.0.117-150200.105.1.noarch"
        },
        "product_reference": "tomcat-9.0.117-150200.105.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat-admin-webapps-9.0.117-150200.105.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-admin-webapps-9.0.117-150200.105.1.noarch"
        },
        "product_reference": "tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat-el-3_0-api-9.0.117-150200.105.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch"
        },
        "product_reference": "tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch"
        },
        "product_reference": "tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat-lib-9.0.117-150200.105.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-lib-9.0.117-150200.105.1.noarch"
        },
        "product_reference": "tomcat-lib-9.0.117-150200.105.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch"
        },
        "product_reference": "tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat-webapps-9.0.117-150200.105.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-webapps-9.0.117-150200.105.1.noarch"
        },
        "product_reference": "tomcat-webapps-9.0.117-150200.105.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat-9.0.117-150200.105.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP5",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-9.0.117-150200.105.1.noarch"
        },
        "product_reference": "tomcat-9.0.117-150200.105.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat-admin-webapps-9.0.117-150200.105.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP5",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-admin-webapps-9.0.117-150200.105.1.noarch"
        },
        "product_reference": "tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat-el-3_0-api-9.0.117-150200.105.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP5",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch"
        },
        "product_reference": "tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP5",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch"
        },
        "product_reference": "tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat-lib-9.0.117-150200.105.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP5",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-lib-9.0.117-150200.105.1.noarch"
        },
        "product_reference": "tomcat-lib-9.0.117-150200.105.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP5",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch"
        },
        "product_reference": "tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat-webapps-9.0.117-150200.105.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP5",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-webapps-9.0.117-150200.105.1.noarch"
        },
        "product_reference": "tomcat-webapps-9.0.117-150200.105.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat-9.0.117-150200.105.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP6",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat-9.0.117-150200.105.1.noarch"
        },
        "product_reference": "tomcat-9.0.117-150200.105.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat-admin-webapps-9.0.117-150200.105.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP6",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat-admin-webapps-9.0.117-150200.105.1.noarch"
        },
        "product_reference": "tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat-el-3_0-api-9.0.117-150200.105.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP6",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch"
        },
        "product_reference": "tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP6",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch"
        },
        "product_reference": "tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat-lib-9.0.117-150200.105.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP6",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat-lib-9.0.117-150200.105.1.noarch"
        },
        "product_reference": "tomcat-lib-9.0.117-150200.105.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP6",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch"
        },
        "product_reference": "tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat-webapps-9.0.117-150200.105.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP6",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat-webapps-9.0.117-150200.105.1.noarch"
        },
        "product_reference": "tomcat-webapps-9.0.117-150200.105.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP6"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2025-66614",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-66614"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Improper Input Validation vulnerability.\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.14, from 10.1.0-M1 through 10.1.49, from 9.0.0-M1 through 9.0.112.\n\nThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.0 through 8.5.100. Older EOL versions are not affected.\nTomcat did not validate that the host name provided via the SNI \nextension was the same as the host name provided in the HTTP host header \nfield. If Tomcat was configured with more than one virtual host and the \nTLS configuration for one of those hosts did not require client \ncertificate authentication but another one did, it was possible for a \nclient to bypass the client certificate authentication by sending \ndifferent host names in the SNI extension and the HTTP host header field.\n\n\n\nThe vulnerability only applies if client certificate authentication is \nonly enforced at the Connector. It does not apply if client certificate \nauthentication is enforced at the web application.\n\n\nUsers are recommended to upgrade to version 11.0.15 or later, 10.1.50 or later or 9.0.113 or later, which fix the issue.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-lib-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-webapps-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-lib-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-webapps-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-lib-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-webapps-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-lib-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-webapps-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-lib-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-webapps-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-lib-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-webapps-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-lib-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-webapps-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat-lib-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat-webapps-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-lib-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-webapps-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-lib-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-webapps-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat-lib-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat-webapps-9.0.117-150200.105.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-66614",
          "url": "https://www.suse.com/security/cve/CVE-2025-66614"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1258371 for CVE-2025-66614",
          "url": "https://bugzilla.suse.com/1258371"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-lib-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-lib-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-lib-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-lib-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-lib-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-lib-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-lib-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat-lib-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-lib-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-lib-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat-lib-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat-webapps-9.0.117-150200.105.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-lib-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-lib-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-lib-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-lib-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-lib-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-lib-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-lib-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat-lib-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-lib-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-lib-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat-lib-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat-webapps-9.0.117-150200.105.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-04-24T11:48:42Z",
          "details": "important"
        }
      ],
      "title": "CVE-2025-66614"
    },
    {
      "cve": "CVE-2026-24880",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-24880"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027) vulnerability in Apache Tomcat via invalid chunk extension.\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.18, from 10.1.0-M1 through 10.1.52, from 9.0.0.M1 through 9.0.115, from 8.5.0 through 8.5.100, from 7.0.0 through 7.0.109.\nOther, unsupported versions may also be affected.\n\nUsers are recommended to upgrade to version 11.0.20, 10.1.52 or 9.0.116, which fix the issue.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-lib-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-webapps-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-lib-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-webapps-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-lib-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-webapps-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-lib-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-webapps-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-lib-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-webapps-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-lib-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-webapps-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-lib-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-webapps-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat-lib-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat-webapps-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-lib-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-webapps-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-lib-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-webapps-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat-lib-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat-webapps-9.0.117-150200.105.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-24880",
          "url": "https://www.suse.com/security/cve/CVE-2026-24880"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1261850 for CVE-2026-24880",
          "url": "https://bugzilla.suse.com/1261850"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-lib-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-lib-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-lib-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-lib-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-lib-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-lib-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-lib-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat-lib-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-lib-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-lib-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat-lib-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat-webapps-9.0.117-150200.105.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.8,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-lib-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-lib-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-lib-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-lib-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-lib-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-lib-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-lib-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat-lib-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-lib-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-lib-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat-lib-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat-webapps-9.0.117-150200.105.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-04-24T11:48:42Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2026-24880"
    },
    {
      "cve": "CVE-2026-25854",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-25854"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Occasional URL redirection to untrusted Site (\u0027Open Redirect\u0027) vulnerability in Apache Tomcat via the LoadBalancerDrainingValve.\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.18, from 10.1.0-M1 through 10.1.52, from 9.0.0.M23 through 9.0.115, from 8.5.30 through 8.5.100.\nOther, unsupported versions may also be affected\n\nUsers are recommended to upgrade to version 11.0.20, 10.1.53 or 9.0.116, which fix the issue.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-lib-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-webapps-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-lib-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-webapps-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-lib-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-webapps-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-lib-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-webapps-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-lib-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-webapps-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-lib-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-webapps-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-lib-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-webapps-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat-lib-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat-webapps-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-lib-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-webapps-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-lib-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-webapps-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat-lib-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat-webapps-9.0.117-150200.105.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-25854",
          "url": "https://www.suse.com/security/cve/CVE-2026-25854"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1261851 for CVE-2026-25854",
          "url": "https://bugzilla.suse.com/1261851"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-lib-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-lib-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-lib-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-lib-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-lib-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-lib-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-lib-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat-lib-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-lib-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-lib-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat-lib-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat-webapps-9.0.117-150200.105.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.8,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-lib-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-lib-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-lib-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-lib-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-lib-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-lib-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-lib-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat-lib-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-lib-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-lib-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat-lib-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat-webapps-9.0.117-150200.105.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-04-24T11:48:42Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2026-25854"
    },
    {
      "cve": "CVE-2026-29129",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-29129"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Configured cipher preference order not preserved vulnerability in Apache Tomcat.\n\nThis issue affects Apache Tomcat: from 11.0.16 through 11.0.18, from 10.1.51 through 10.1.52, from 9.0.114 through 9.0.115.\n\nUsers are recommended to upgrade to version 11.0.20, 10.1.53 or 9.0.116, which fix the issue.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-lib-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-webapps-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-lib-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-webapps-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-lib-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-webapps-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-lib-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-webapps-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-lib-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-webapps-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-lib-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-webapps-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-lib-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-webapps-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat-lib-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat-webapps-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-lib-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-webapps-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-lib-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-webapps-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat-lib-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat-webapps-9.0.117-150200.105.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-29129",
          "url": "https://www.suse.com/security/cve/CVE-2026-29129"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1261852 for CVE-2026-29129",
          "url": "https://bugzilla.suse.com/1261852"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-lib-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-lib-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-lib-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-lib-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-lib-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-lib-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-lib-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat-lib-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-lib-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-lib-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat-lib-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat-webapps-9.0.117-150200.105.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.8,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-lib-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-lib-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-lib-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-lib-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-lib-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-lib-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-lib-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat-lib-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-lib-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-lib-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat-lib-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat-webapps-9.0.117-150200.105.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-04-24T11:48:42Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2026-29129"
    },
    {
      "cve": "CVE-2026-29145",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-29145"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "CLIENT_CERT authentication does not fail as expected for some scenarios when soft fail is disabled vulnerability in Apache Tomcat, Apache Tomcat Native.\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.18, from 10.1.0-M7 through 10.1.52, from 9.0.83 through 9.0.115; Apache Tomcat Native: from 1.1.23 through 1.1.34, from 1.2.0 through 1.2.39, from 1.3.0 through 1.3.6, from 2.0.0 through 2.0.13.\n\nUsers are recommended to upgrade to version Tomcat Native 1.3.7 or 2.0.14 and Tomcat 11.0.20, 10.1.53 and 9.0.116, which fix the issue.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-lib-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-webapps-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-lib-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-webapps-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-lib-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-webapps-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-lib-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-webapps-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-lib-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-webapps-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-lib-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-webapps-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-lib-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-webapps-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat-lib-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat-webapps-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-lib-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-webapps-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-lib-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-webapps-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat-lib-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat-webapps-9.0.117-150200.105.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-29145",
          "url": "https://www.suse.com/security/cve/CVE-2026-29145"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1261853 for CVE-2026-29145",
          "url": "https://bugzilla.suse.com/1261853"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-lib-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-lib-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-lib-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-lib-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-lib-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-lib-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-lib-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat-lib-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-lib-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-lib-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat-lib-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat-webapps-9.0.117-150200.105.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.8,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-lib-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-lib-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-lib-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-lib-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-lib-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-lib-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-lib-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat-lib-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-lib-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-lib-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat-lib-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat-webapps-9.0.117-150200.105.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-04-24T11:48:42Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2026-29145"
    },
    {
      "cve": "CVE-2026-29146",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-29146"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Padding Oracle vulnerability in Apache Tomcat\u0027s EncryptInterceptor with default configuration.\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.18, from 10.0.0-M1 through 10.1.52, from 9.0.13 through 9..115, from 8.5.38 through 8.5.100, from 7.0.100 through 7.0.109.\n\nUsers are recommended to upgrade to version 11.0.19, 10.1.53 and 9.0.116, which fixes the issue.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-lib-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-webapps-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-lib-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-webapps-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-lib-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-webapps-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-lib-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-webapps-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-lib-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-webapps-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-lib-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-webapps-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-lib-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-webapps-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat-lib-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat-webapps-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-lib-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-webapps-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-lib-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-webapps-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat-lib-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat-webapps-9.0.117-150200.105.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-29146",
          "url": "https://www.suse.com/security/cve/CVE-2026-29146"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1261854 for CVE-2026-29146",
          "url": "https://bugzilla.suse.com/1261854"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-lib-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-lib-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-lib-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-lib-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-lib-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-lib-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-lib-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat-lib-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-lib-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-lib-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat-lib-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat-webapps-9.0.117-150200.105.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-lib-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-lib-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-lib-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-lib-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-lib-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-lib-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-lib-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat-lib-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-lib-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-lib-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat-lib-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat-webapps-9.0.117-150200.105.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-04-24T11:48:42Z",
          "details": "important"
        }
      ],
      "title": "CVE-2026-29146"
    },
    {
      "cve": "CVE-2026-32990",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-32990"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Improper Input Validation vulnerability in Apache Tomcat due to an incomplete fix of CVE-2025-66614.\n\nThis issue affects Apache Tomcat: from 11.0.15 through 11.0.19, from 10.1.50 through 10.1.52, from 9.0.113 through 9.0.115.\n\nUsers are recommended to upgrade to version 11.0.20, 10.1.53 or 9.0.116, which fix the issue.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-lib-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-webapps-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-lib-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-webapps-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-lib-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-webapps-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-lib-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-webapps-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-lib-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-webapps-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-lib-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-webapps-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-lib-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-webapps-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat-lib-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat-webapps-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-lib-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-webapps-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-lib-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-webapps-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat-lib-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat-webapps-9.0.117-150200.105.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-32990",
          "url": "https://www.suse.com/security/cve/CVE-2026-32990"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1258371 for CVE-2026-32990",
          "url": "https://bugzilla.suse.com/1258371"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-lib-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-lib-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-lib-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-lib-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-lib-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-lib-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-lib-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat-lib-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-lib-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-lib-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat-lib-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat-webapps-9.0.117-150200.105.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-04-24T11:48:42Z",
          "details": "important"
        }
      ],
      "title": "CVE-2026-32990"
    },
    {
      "cve": "CVE-2026-34483",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-34483"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Improper Encoding or Escaping of Output vulnerability in the JsonAccessLogValve component of Apache Tomcat.\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.20, from 10.1.0-M1 through 10.1.53, from 9.0.40 through 9.0.116.\n\nUsers are recommended to upgrade to version 11.0.21, 10.1.54 or 9.0.117 , which fix the issue.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-lib-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-webapps-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-lib-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-webapps-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-lib-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-webapps-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-lib-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-webapps-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-lib-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-webapps-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-lib-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-webapps-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-lib-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-webapps-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat-lib-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat-webapps-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-lib-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-webapps-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-lib-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-webapps-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat-lib-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat-webapps-9.0.117-150200.105.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-34483",
          "url": "https://www.suse.com/security/cve/CVE-2026-34483"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1261855 for CVE-2026-34483",
          "url": "https://bugzilla.suse.com/1261855"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-lib-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-lib-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-lib-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-lib-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-lib-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-lib-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-lib-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat-lib-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-lib-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-lib-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat-lib-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat-webapps-9.0.117-150200.105.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.8,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-lib-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-lib-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-lib-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-lib-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-lib-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-lib-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-lib-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat-lib-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-lib-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-lib-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat-lib-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat-webapps-9.0.117-150200.105.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-04-24T11:48:42Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2026-34483"
    },
    {
      "cve": "CVE-2026-34486",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-34486"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Missing Encryption of Sensitive Data vulnerability in Apache Tomcat due to the  fix for CVE-2026-29146 allowing the bypass of the EncryptInterceptor.\n\nThis issue affects Apache Tomcat: 11.0.20, 10.1.53, 9.0.116.\n\nUsers are recommended to upgrade to version 11.0.21, 10.1.54 or 9.0.117, which fix the issue.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-lib-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-webapps-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-lib-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-webapps-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-lib-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-webapps-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-lib-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-webapps-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-lib-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-webapps-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-lib-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-webapps-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-lib-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-webapps-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat-lib-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat-webapps-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-lib-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-webapps-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-lib-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-webapps-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat-lib-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat-webapps-9.0.117-150200.105.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-34486",
          "url": "https://www.suse.com/security/cve/CVE-2026-34486"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1261854 for CVE-2026-34486",
          "url": "https://bugzilla.suse.com/1261854"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-lib-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-lib-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-lib-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-lib-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-lib-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-lib-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-lib-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat-lib-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-lib-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-lib-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat-lib-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat-webapps-9.0.117-150200.105.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-lib-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-lib-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-lib-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-lib-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-lib-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-lib-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-lib-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat-lib-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-lib-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-lib-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat-lib-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat-webapps-9.0.117-150200.105.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-04-24T11:48:42Z",
          "details": "important"
        }
      ],
      "title": "CVE-2026-34486"
    },
    {
      "cve": "CVE-2026-34487",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-34487"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Insertion of Sensitive Information into Log File vulnerability in the cloud membership for clustering component of Apache Tomcat exposed the Kubernetes bearer token.\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.20, from 10.1.0-M1 through 10.1.53, from 9.0.13 through 9.0.116.\n\nUsers are recommended to upgrade to version 11.0.21, 10.1.54 or 9.0.117, which fix the issue.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-lib-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-webapps-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-lib-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-webapps-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-lib-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-webapps-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-lib-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-webapps-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-lib-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-webapps-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-lib-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-webapps-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-lib-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-webapps-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat-lib-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat-webapps-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-lib-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-webapps-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-lib-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-webapps-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat-lib-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat-webapps-9.0.117-150200.105.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-34487",
          "url": "https://www.suse.com/security/cve/CVE-2026-34487"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1261856 for CVE-2026-34487",
          "url": "https://bugzilla.suse.com/1261856"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-lib-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-lib-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-lib-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-lib-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-lib-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-lib-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-lib-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat-lib-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-lib-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-lib-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat-lib-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat-webapps-9.0.117-150200.105.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-lib-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-lib-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-lib-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-lib-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-lib-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-lib-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-lib-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat-lib-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-lib-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-lib-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat-lib-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat-webapps-9.0.117-150200.105.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-04-24T11:48:42Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2026-34487"
    },
    {
      "cve": "CVE-2026-34500",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-34500"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "CLIENT_CERT authentication does not fail as expected for some scenarios when soft fail is disabled and FFM is used in Apache Tomcat.\n\nThis issue affects Apache Tomcat: from 11.0.0-M14 through 11.0.20, from 10.1.22 through 10.1.53, from 9.0.92 through 9.0.116.\n\nUsers are recommended to upgrade to version 11.0.21, 10.1.54 or 9.0.117, which fixes the issue.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-lib-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-webapps-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-lib-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-webapps-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-lib-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-webapps-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-lib-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-webapps-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-lib-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-webapps-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-lib-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-webapps-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-lib-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-webapps-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat-lib-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat-webapps-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-lib-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-webapps-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-lib-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-webapps-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat-lib-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat-webapps-9.0.117-150200.105.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-34500",
          "url": "https://www.suse.com/security/cve/CVE-2026-34500"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1261857 for CVE-2026-34500",
          "url": "https://bugzilla.suse.com/1261857"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-lib-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-lib-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-lib-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-lib-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-lib-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-lib-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-lib-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat-lib-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-lib-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-lib-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat-lib-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat-webapps-9.0.117-150200.105.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.8,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-lib-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-lib-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-lib-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-lib-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-lib-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-lib-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-lib-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat-lib-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server 15 SP6-LTSS:tomcat-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-lib-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-lib-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat-admin-webapps-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat-el-3_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat-jsp-2_3-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat-lib-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat-servlet-4_0-api-9.0.117-150200.105.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 15 SP6:tomcat-webapps-9.0.117-150200.105.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-04-24T11:48:42Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2026-34500"
    }
  ]
}

SUSE-SU-2026:21366-1

Vulnerability from csaf_suse - Published: 2026-04-21 11:42 - Updated: 2026-04-21 11:42

Summary

Security update for tomcat11

Severity

Important

Notes

Title of the patch: Security update for tomcat11

Description of the patch: This update for tomcat11 fixes the following issues: - Update to Tomcat 11.0.21 - CVE-2026-24880: Request smuggling via invalid chunk extension (bsc#1261850). - CVE-2026-25854: Occasionally open redirect (bsc#1261851). - CVE-2026-29129: TLS cipher order is not preserved (bsc#1261852). - CVE-2026-29145: OCSP checks sometimes soft-fail even when soft-fail is disabled (bsc#1261853). - CVE-2026-29146,CVE-2026-34486: Fix for allowed bypass of EncryptInterceptor (bsc#1261854). - CVE-2026-34483: Incomplete escaping of JSON access logs (bsc#1261855). - CVE-2026-34487: Cloud membership for clustering component exposed the Kubernetes bearer token (bsc#1261856). - CVE-2026-34500: OCSP checks sometimes soft-fail with FFM even when soft-fail is disabled (bsc#1261857). - CVE-2026-32990: The fix for CVE-2025-66614 was incomplete. (bsc#1258371)

Patchnames: SUSE-SLES-16.0-605

CVE-2025-66614

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Affected products

Recommended 22 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat11-11.0.21-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat11-admin-webapps-11.0.21-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat11-doc-11.0.21-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat11-docs-webapp-11.0.21-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat11-el-6_0-api-11.0.21-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat11-embed-11.0.21-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat11-jsp-4_0-api-11.0.21-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat11-jsvc-11.0.21-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat11-lib-11.0.21-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat11-servlet-6_1-api-11.0.21-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat11-webapps-11.0.21-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-11.0.21-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-admin-webapps-11.0.21-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-doc-11.0.21-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-docs-webapp-11.0.21-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-el-6_0-api-11.0.21-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-embed-11.0.21-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-jsp-4_0-api-11.0.21-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-jsvc-11.0.21-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-lib-11.0.21-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-servlet-6_1-api-11.0.21-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-webapps-11.0.21-160000.1.1.noarch	—	Vendor Fix

Threats

Impact important

CVE-2026-24880

4.8 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

Affected products

Recommended 22 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat11-11.0.21-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat11-admin-webapps-11.0.21-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat11-doc-11.0.21-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat11-docs-webapp-11.0.21-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat11-el-6_0-api-11.0.21-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat11-embed-11.0.21-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat11-jsp-4_0-api-11.0.21-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat11-jsvc-11.0.21-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat11-lib-11.0.21-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat11-servlet-6_1-api-11.0.21-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat11-webapps-11.0.21-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-11.0.21-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-admin-webapps-11.0.21-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-doc-11.0.21-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-docs-webapp-11.0.21-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-el-6_0-api-11.0.21-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-embed-11.0.21-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-jsp-4_0-api-11.0.21-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-jsvc-11.0.21-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-lib-11.0.21-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-servlet-6_1-api-11.0.21-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-webapps-11.0.21-160000.1.1.noarch	—	Vendor Fix

Threats

Impact moderate

CVE-2026-25854

4.8 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

Affected products

Recommended 22 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat11-11.0.21-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat11-admin-webapps-11.0.21-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat11-doc-11.0.21-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat11-docs-webapp-11.0.21-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat11-el-6_0-api-11.0.21-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat11-embed-11.0.21-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat11-jsp-4_0-api-11.0.21-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat11-jsvc-11.0.21-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat11-lib-11.0.21-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat11-servlet-6_1-api-11.0.21-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat11-webapps-11.0.21-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-11.0.21-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-admin-webapps-11.0.21-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-doc-11.0.21-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-docs-webapp-11.0.21-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-el-6_0-api-11.0.21-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-embed-11.0.21-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-jsp-4_0-api-11.0.21-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-jsvc-11.0.21-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-lib-11.0.21-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-servlet-6_1-api-11.0.21-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-webapps-11.0.21-160000.1.1.noarch	—	Vendor Fix

Threats

Impact moderate

CVE-2026-29129

4.8 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

Affected products

Recommended 22 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat11-11.0.21-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat11-admin-webapps-11.0.21-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat11-doc-11.0.21-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat11-docs-webapp-11.0.21-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat11-el-6_0-api-11.0.21-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat11-embed-11.0.21-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat11-jsp-4_0-api-11.0.21-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat11-jsvc-11.0.21-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat11-lib-11.0.21-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat11-servlet-6_1-api-11.0.21-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat11-webapps-11.0.21-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-11.0.21-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-admin-webapps-11.0.21-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-doc-11.0.21-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-docs-webapp-11.0.21-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-el-6_0-api-11.0.21-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-embed-11.0.21-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-jsp-4_0-api-11.0.21-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-jsvc-11.0.21-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-lib-11.0.21-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-servlet-6_1-api-11.0.21-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-webapps-11.0.21-160000.1.1.noarch	—	Vendor Fix

Threats

Impact moderate

CVE-2026-29145

4.8 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

Affected products

Recommended 22 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat11-11.0.21-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat11-admin-webapps-11.0.21-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat11-doc-11.0.21-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat11-docs-webapp-11.0.21-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat11-el-6_0-api-11.0.21-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat11-embed-11.0.21-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat11-jsp-4_0-api-11.0.21-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat11-jsvc-11.0.21-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat11-lib-11.0.21-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat11-servlet-6_1-api-11.0.21-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat11-webapps-11.0.21-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-11.0.21-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-admin-webapps-11.0.21-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-doc-11.0.21-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-docs-webapp-11.0.21-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-el-6_0-api-11.0.21-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-embed-11.0.21-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-jsp-4_0-api-11.0.21-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-jsvc-11.0.21-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-lib-11.0.21-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-servlet-6_1-api-11.0.21-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-webapps-11.0.21-160000.1.1.noarch	—	Vendor Fix

Threats

Impact moderate

CVE-2026-29146

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Affected products

Recommended 22 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat11-11.0.21-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat11-admin-webapps-11.0.21-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat11-doc-11.0.21-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat11-docs-webapp-11.0.21-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat11-el-6_0-api-11.0.21-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat11-embed-11.0.21-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat11-jsp-4_0-api-11.0.21-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat11-jsvc-11.0.21-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat11-lib-11.0.21-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat11-servlet-6_1-api-11.0.21-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat11-webapps-11.0.21-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-11.0.21-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-admin-webapps-11.0.21-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-doc-11.0.21-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-docs-webapp-11.0.21-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-el-6_0-api-11.0.21-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-embed-11.0.21-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-jsp-4_0-api-11.0.21-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-jsvc-11.0.21-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-lib-11.0.21-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-servlet-6_1-api-11.0.21-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-webapps-11.0.21-160000.1.1.noarch	—	Vendor Fix

Threats

Impact important

CVE-2026-32990

Affected products

Recommended 22 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat11-11.0.21-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat11-admin-webapps-11.0.21-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat11-doc-11.0.21-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat11-docs-webapp-11.0.21-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat11-el-6_0-api-11.0.21-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat11-embed-11.0.21-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat11-jsp-4_0-api-11.0.21-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat11-jsvc-11.0.21-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat11-lib-11.0.21-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat11-servlet-6_1-api-11.0.21-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat11-webapps-11.0.21-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-11.0.21-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-admin-webapps-11.0.21-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-doc-11.0.21-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-docs-webapp-11.0.21-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-el-6_0-api-11.0.21-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-embed-11.0.21-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-jsp-4_0-api-11.0.21-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-jsvc-11.0.21-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-lib-11.0.21-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-servlet-6_1-api-11.0.21-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-webapps-11.0.21-160000.1.1.noarch	—	Vendor Fix

Threats

Impact important

CVE-2026-34483

4.8 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

Affected products

Recommended 22 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat11-11.0.21-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat11-admin-webapps-11.0.21-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat11-doc-11.0.21-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat11-docs-webapp-11.0.21-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat11-el-6_0-api-11.0.21-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat11-embed-11.0.21-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat11-jsp-4_0-api-11.0.21-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat11-jsvc-11.0.21-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat11-lib-11.0.21-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat11-servlet-6_1-api-11.0.21-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat11-webapps-11.0.21-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-11.0.21-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-admin-webapps-11.0.21-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-doc-11.0.21-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-docs-webapp-11.0.21-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-el-6_0-api-11.0.21-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-embed-11.0.21-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-jsp-4_0-api-11.0.21-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-jsvc-11.0.21-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-lib-11.0.21-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-servlet-6_1-api-11.0.21-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-webapps-11.0.21-160000.1.1.noarch	—	Vendor Fix

Threats

Impact moderate

CVE-2026-34486

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Affected products

Recommended 22 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat11-11.0.21-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat11-admin-webapps-11.0.21-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat11-doc-11.0.21-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat11-docs-webapp-11.0.21-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat11-el-6_0-api-11.0.21-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat11-embed-11.0.21-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat11-jsp-4_0-api-11.0.21-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat11-jsvc-11.0.21-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat11-lib-11.0.21-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat11-servlet-6_1-api-11.0.21-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat11-webapps-11.0.21-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-11.0.21-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-admin-webapps-11.0.21-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-doc-11.0.21-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-docs-webapp-11.0.21-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-el-6_0-api-11.0.21-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-embed-11.0.21-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-jsp-4_0-api-11.0.21-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-jsvc-11.0.21-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-lib-11.0.21-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-servlet-6_1-api-11.0.21-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-webapps-11.0.21-160000.1.1.noarch	—	Vendor Fix

Threats

Impact important

CVE-2026-34487

5.9 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Affected products

Recommended 22 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat11-11.0.21-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat11-admin-webapps-11.0.21-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat11-doc-11.0.21-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat11-docs-webapp-11.0.21-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat11-el-6_0-api-11.0.21-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat11-embed-11.0.21-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat11-jsp-4_0-api-11.0.21-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat11-jsvc-11.0.21-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat11-lib-11.0.21-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat11-servlet-6_1-api-11.0.21-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat11-webapps-11.0.21-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-11.0.21-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-admin-webapps-11.0.21-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-doc-11.0.21-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-docs-webapp-11.0.21-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-el-6_0-api-11.0.21-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-embed-11.0.21-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-jsp-4_0-api-11.0.21-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-jsvc-11.0.21-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-lib-11.0.21-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-servlet-6_1-api-11.0.21-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-webapps-11.0.21-160000.1.1.noarch	—	Vendor Fix

Threats

Impact moderate

CVE-2026-34500

4.8 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

Affected products

Recommended 22 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat11-11.0.21-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat11-admin-webapps-11.0.21-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat11-doc-11.0.21-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat11-docs-webapp-11.0.21-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat11-el-6_0-api-11.0.21-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat11-embed-11.0.21-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat11-jsp-4_0-api-11.0.21-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat11-jsvc-11.0.21-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat11-lib-11.0.21-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat11-servlet-6_1-api-11.0.21-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat11-webapps-11.0.21-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-11.0.21-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-admin-webapps-11.0.21-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-doc-11.0.21-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-docs-webapp-11.0.21-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-el-6_0-api-11.0.21-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-embed-11.0.21-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-jsp-4_0-api-11.0.21-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-jsvc-11.0.21-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-lib-11.0.21-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-servlet-6_1-api-11.0.21-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-webapps-11.0.21-160000.1.1.noarch	—	Vendor Fix

Threats

Impact moderate

References

46 references

URL	Category
https://www.suse.com/support/security/rating/	external
https://ftp.suse.com/pub/projects/security/csaf/s…	self
https://www.suse.com/support/update/announcement/…	self
https://lists.suse.com/pipermail/sle-updates/2026…	self
https://bugzilla.suse.com/1258371	self
https://bugzilla.suse.com/1261850	self
https://bugzilla.suse.com/1261851	self
https://bugzilla.suse.com/1261852	self
https://bugzilla.suse.com/1261853	self
https://bugzilla.suse.com/1261854	self
https://bugzilla.suse.com/1261855	self
https://bugzilla.suse.com/1261856	self
https://bugzilla.suse.com/1261857	self
https://www.suse.com/security/cve/CVE-2025-66614/	self
https://www.suse.com/security/cve/CVE-2026-24880/	self
https://www.suse.com/security/cve/CVE-2026-25854/	self
https://www.suse.com/security/cve/CVE-2026-29129/	self
https://www.suse.com/security/cve/CVE-2026-29145/	self
https://www.suse.com/security/cve/CVE-2026-29146/	self
https://www.suse.com/security/cve/CVE-2026-32990/	self
https://www.suse.com/security/cve/CVE-2026-34483/	self
https://www.suse.com/security/cve/CVE-2026-34486/	self
https://www.suse.com/security/cve/CVE-2026-34487/	self
https://www.suse.com/security/cve/CVE-2026-34500/	self
https://www.suse.com/security/cve/CVE-2025-66614	external
https://bugzilla.suse.com/1258371	external
https://www.suse.com/security/cve/CVE-2026-24880	external
https://bugzilla.suse.com/1261850	external
https://www.suse.com/security/cve/CVE-2026-25854	external
https://bugzilla.suse.com/1261851	external
https://www.suse.com/security/cve/CVE-2026-29129	external
https://bugzilla.suse.com/1261852	external
https://www.suse.com/security/cve/CVE-2026-29145	external
https://bugzilla.suse.com/1261853	external
https://www.suse.com/security/cve/CVE-2026-29146	external
https://bugzilla.suse.com/1261854	external
https://www.suse.com/security/cve/CVE-2026-32990	external
https://bugzilla.suse.com/1258371	external
https://www.suse.com/security/cve/CVE-2026-34483	external
https://bugzilla.suse.com/1261855	external
https://www.suse.com/security/cve/CVE-2026-34486	external
https://bugzilla.suse.com/1261854	external
https://www.suse.com/security/cve/CVE-2026-34487	external
https://bugzilla.suse.com/1261856	external
https://www.suse.com/security/cve/CVE-2026-34500	external
https://bugzilla.suse.com/1261857	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for tomcat11",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "This update for tomcat11 fixes the following issues:\n\n- Update to Tomcat 11.0.21\n- CVE-2026-24880: Request smuggling via invalid chunk extension (bsc#1261850).\n- CVE-2026-25854: Occasionally open redirect (bsc#1261851).\n- CVE-2026-29129: TLS cipher order is not preserved (bsc#1261852).\n- CVE-2026-29145: OCSP checks sometimes soft-fail even when soft-fail is disabled (bsc#1261853).\n- CVE-2026-29146,CVE-2026-34486: Fix for allowed bypass of EncryptInterceptor (bsc#1261854).\n- CVE-2026-34483: Incomplete escaping of JSON access logs (bsc#1261855).\n- CVE-2026-34487: Cloud membership for clustering component exposed the Kubernetes bearer token (bsc#1261856).\n- CVE-2026-34500: OCSP checks sometimes soft-fail with FFM even when soft-fail is disabled (bsc#1261857).\n- CVE-2026-32990: The fix for CVE-2025-66614 was incomplete. (bsc#1258371)\n",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "SUSE-SLES-16.0-605",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_21366-1.json"
      },
      {
        "category": "self",
        "summary": "URL for SUSE-SU-2026:21366-1",
        "url": "https://www.suse.com/support/update/announcement/2026/suse-su-202621366-1/"
      },
      {
        "category": "self",
        "summary": "E-Mail link for SUSE-SU-2026:21366-1",
        "url": "https://lists.suse.com/pipermail/sle-updates/2026-April/046075.html"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1258371",
        "url": "https://bugzilla.suse.com/1258371"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1261850",
        "url": "https://bugzilla.suse.com/1261850"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1261851",
        "url": "https://bugzilla.suse.com/1261851"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1261852",
        "url": "https://bugzilla.suse.com/1261852"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1261853",
        "url": "https://bugzilla.suse.com/1261853"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1261854",
        "url": "https://bugzilla.suse.com/1261854"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1261855",
        "url": "https://bugzilla.suse.com/1261855"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1261856",
        "url": "https://bugzilla.suse.com/1261856"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1261857",
        "url": "https://bugzilla.suse.com/1261857"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-66614 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-66614/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-24880 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-24880/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-25854 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-25854/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-29129 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-29129/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-29145 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-29145/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-29146 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-29146/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-32990 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-32990/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-34483 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-34483/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-34486 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-34486/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-34487 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-34487/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-34500 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-34500/"
      }
    ],
    "title": "Security update for tomcat11",
    "tracking": {
      "current_release_date": "2026-04-21T11:42:00Z",
      "generator": {
        "date": "2026-04-21T11:42:00Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "SUSE-SU-2026:21366-1",
      "initial_release_date": "2026-04-21T11:42:00Z",
      "revision_history": [
        {
          "date": "2026-04-21T11:42:00Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "tomcat11-11.0.21-160000.1.1.noarch",
                "product": {
                  "name": "tomcat11-11.0.21-160000.1.1.noarch",
                  "product_id": "tomcat11-11.0.21-160000.1.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "tomcat11-admin-webapps-11.0.21-160000.1.1.noarch",
                "product": {
                  "name": "tomcat11-admin-webapps-11.0.21-160000.1.1.noarch",
                  "product_id": "tomcat11-admin-webapps-11.0.21-160000.1.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "tomcat11-doc-11.0.21-160000.1.1.noarch",
                "product": {
                  "name": "tomcat11-doc-11.0.21-160000.1.1.noarch",
                  "product_id": "tomcat11-doc-11.0.21-160000.1.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "tomcat11-docs-webapp-11.0.21-160000.1.1.noarch",
                "product": {
                  "name": "tomcat11-docs-webapp-11.0.21-160000.1.1.noarch",
                  "product_id": "tomcat11-docs-webapp-11.0.21-160000.1.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "tomcat11-el-6_0-api-11.0.21-160000.1.1.noarch",
                "product": {
                  "name": "tomcat11-el-6_0-api-11.0.21-160000.1.1.noarch",
                  "product_id": "tomcat11-el-6_0-api-11.0.21-160000.1.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "tomcat11-embed-11.0.21-160000.1.1.noarch",
                "product": {
                  "name": "tomcat11-embed-11.0.21-160000.1.1.noarch",
                  "product_id": "tomcat11-embed-11.0.21-160000.1.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "tomcat11-jsp-4_0-api-11.0.21-160000.1.1.noarch",
                "product": {
                  "name": "tomcat11-jsp-4_0-api-11.0.21-160000.1.1.noarch",
                  "product_id": "tomcat11-jsp-4_0-api-11.0.21-160000.1.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "tomcat11-jsvc-11.0.21-160000.1.1.noarch",
                "product": {
                  "name": "tomcat11-jsvc-11.0.21-160000.1.1.noarch",
                  "product_id": "tomcat11-jsvc-11.0.21-160000.1.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "tomcat11-lib-11.0.21-160000.1.1.noarch",
                "product": {
                  "name": "tomcat11-lib-11.0.21-160000.1.1.noarch",
                  "product_id": "tomcat11-lib-11.0.21-160000.1.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "tomcat11-servlet-6_1-api-11.0.21-160000.1.1.noarch",
                "product": {
                  "name": "tomcat11-servlet-6_1-api-11.0.21-160000.1.1.noarch",
                  "product_id": "tomcat11-servlet-6_1-api-11.0.21-160000.1.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "tomcat11-webapps-11.0.21-160000.1.1.noarch",
                "product": {
                  "name": "tomcat11-webapps-11.0.21-160000.1.1.noarch",
                  "product_id": "tomcat11-webapps-11.0.21-160000.1.1.noarch"
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server 16.0",
                "product": {
                  "name": "SUSE Linux Enterprise Server 16.0",
                  "product_id": "SUSE Linux Enterprise Server 16.0",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sles:16.0"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server for SAP applications 16.0",
                "product": {
                  "name": "SUSE Linux Enterprise Server for SAP applications 16.0",
                  "product_id": "SUSE Linux Enterprise Server for SAP applications 16.0",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sles:16:16.0:server-sap"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat11-11.0.21-160000.1.1.noarch as component of SUSE Linux Enterprise Server 16.0",
          "product_id": "SUSE Linux Enterprise Server 16.0:tomcat11-11.0.21-160000.1.1.noarch"
        },
        "product_reference": "tomcat11-11.0.21-160000.1.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat11-admin-webapps-11.0.21-160000.1.1.noarch as component of SUSE Linux Enterprise Server 16.0",
          "product_id": "SUSE Linux Enterprise Server 16.0:tomcat11-admin-webapps-11.0.21-160000.1.1.noarch"
        },
        "product_reference": "tomcat11-admin-webapps-11.0.21-160000.1.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat11-doc-11.0.21-160000.1.1.noarch as component of SUSE Linux Enterprise Server 16.0",
          "product_id": "SUSE Linux Enterprise Server 16.0:tomcat11-doc-11.0.21-160000.1.1.noarch"
        },
        "product_reference": "tomcat11-doc-11.0.21-160000.1.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat11-docs-webapp-11.0.21-160000.1.1.noarch as component of SUSE Linux Enterprise Server 16.0",
          "product_id": "SUSE Linux Enterprise Server 16.0:tomcat11-docs-webapp-11.0.21-160000.1.1.noarch"
        },
        "product_reference": "tomcat11-docs-webapp-11.0.21-160000.1.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat11-el-6_0-api-11.0.21-160000.1.1.noarch as component of SUSE Linux Enterprise Server 16.0",
          "product_id": "SUSE Linux Enterprise Server 16.0:tomcat11-el-6_0-api-11.0.21-160000.1.1.noarch"
        },
        "product_reference": "tomcat11-el-6_0-api-11.0.21-160000.1.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat11-embed-11.0.21-160000.1.1.noarch as component of SUSE Linux Enterprise Server 16.0",
          "product_id": "SUSE Linux Enterprise Server 16.0:tomcat11-embed-11.0.21-160000.1.1.noarch"
        },
        "product_reference": "tomcat11-embed-11.0.21-160000.1.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat11-jsp-4_0-api-11.0.21-160000.1.1.noarch as component of SUSE Linux Enterprise Server 16.0",
          "product_id": "SUSE Linux Enterprise Server 16.0:tomcat11-jsp-4_0-api-11.0.21-160000.1.1.noarch"
        },
        "product_reference": "tomcat11-jsp-4_0-api-11.0.21-160000.1.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat11-jsvc-11.0.21-160000.1.1.noarch as component of SUSE Linux Enterprise Server 16.0",
          "product_id": "SUSE Linux Enterprise Server 16.0:tomcat11-jsvc-11.0.21-160000.1.1.noarch"
        },
        "product_reference": "tomcat11-jsvc-11.0.21-160000.1.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat11-lib-11.0.21-160000.1.1.noarch as component of SUSE Linux Enterprise Server 16.0",
          "product_id": "SUSE Linux Enterprise Server 16.0:tomcat11-lib-11.0.21-160000.1.1.noarch"
        },
        "product_reference": "tomcat11-lib-11.0.21-160000.1.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat11-servlet-6_1-api-11.0.21-160000.1.1.noarch as component of SUSE Linux Enterprise Server 16.0",
          "product_id": "SUSE Linux Enterprise Server 16.0:tomcat11-servlet-6_1-api-11.0.21-160000.1.1.noarch"
        },
        "product_reference": "tomcat11-servlet-6_1-api-11.0.21-160000.1.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat11-webapps-11.0.21-160000.1.1.noarch as component of SUSE Linux Enterprise Server 16.0",
          "product_id": "SUSE Linux Enterprise Server 16.0:tomcat11-webapps-11.0.21-160000.1.1.noarch"
        },
        "product_reference": "tomcat11-webapps-11.0.21-160000.1.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat11-11.0.21-160000.1.1.noarch as component of SUSE Linux Enterprise Server for SAP applications 16.0",
          "product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-11.0.21-160000.1.1.noarch"
        },
        "product_reference": "tomcat11-11.0.21-160000.1.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat11-admin-webapps-11.0.21-160000.1.1.noarch as component of SUSE Linux Enterprise Server for SAP applications 16.0",
          "product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-admin-webapps-11.0.21-160000.1.1.noarch"
        },
        "product_reference": "tomcat11-admin-webapps-11.0.21-160000.1.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat11-doc-11.0.21-160000.1.1.noarch as component of SUSE Linux Enterprise Server for SAP applications 16.0",
          "product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-doc-11.0.21-160000.1.1.noarch"
        },
        "product_reference": "tomcat11-doc-11.0.21-160000.1.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat11-docs-webapp-11.0.21-160000.1.1.noarch as component of SUSE Linux Enterprise Server for SAP applications 16.0",
          "product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-docs-webapp-11.0.21-160000.1.1.noarch"
        },
        "product_reference": "tomcat11-docs-webapp-11.0.21-160000.1.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat11-el-6_0-api-11.0.21-160000.1.1.noarch as component of SUSE Linux Enterprise Server for SAP applications 16.0",
          "product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-el-6_0-api-11.0.21-160000.1.1.noarch"
        },
        "product_reference": "tomcat11-el-6_0-api-11.0.21-160000.1.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat11-embed-11.0.21-160000.1.1.noarch as component of SUSE Linux Enterprise Server for SAP applications 16.0",
          "product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-embed-11.0.21-160000.1.1.noarch"
        },
        "product_reference": "tomcat11-embed-11.0.21-160000.1.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat11-jsp-4_0-api-11.0.21-160000.1.1.noarch as component of SUSE Linux Enterprise Server for SAP applications 16.0",
          "product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-jsp-4_0-api-11.0.21-160000.1.1.noarch"
        },
        "product_reference": "tomcat11-jsp-4_0-api-11.0.21-160000.1.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat11-jsvc-11.0.21-160000.1.1.noarch as component of SUSE Linux Enterprise Server for SAP applications 16.0",
          "product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-jsvc-11.0.21-160000.1.1.noarch"
        },
        "product_reference": "tomcat11-jsvc-11.0.21-160000.1.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat11-lib-11.0.21-160000.1.1.noarch as component of SUSE Linux Enterprise Server for SAP applications 16.0",
          "product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-lib-11.0.21-160000.1.1.noarch"
        },
        "product_reference": "tomcat11-lib-11.0.21-160000.1.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat11-servlet-6_1-api-11.0.21-160000.1.1.noarch as component of SUSE Linux Enterprise Server for SAP applications 16.0",
          "product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-servlet-6_1-api-11.0.21-160000.1.1.noarch"
        },
        "product_reference": "tomcat11-servlet-6_1-api-11.0.21-160000.1.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat11-webapps-11.0.21-160000.1.1.noarch as component of SUSE Linux Enterprise Server for SAP applications 16.0",
          "product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-webapps-11.0.21-160000.1.1.noarch"
        },
        "product_reference": "tomcat11-webapps-11.0.21-160000.1.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2025-66614",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-66614"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Improper Input Validation vulnerability.\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.14, from 10.1.0-M1 through 10.1.49, from 9.0.0-M1 through 9.0.112.\n\nThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.0 through 8.5.100. Older EOL versions are not affected.\nTomcat did not validate that the host name provided via the SNI \nextension was the same as the host name provided in the HTTP host header \nfield. If Tomcat was configured with more than one virtual host and the \nTLS configuration for one of those hosts did not require client \ncertificate authentication but another one did, it was possible for a \nclient to bypass the client certificate authentication by sending \ndifferent host names in the SNI extension and the HTTP host header field.\n\n\n\nThe vulnerability only applies if client certificate authentication is \nonly enforced at the Connector. It does not apply if client certificate \nauthentication is enforced at the web application.\n\n\nUsers are recommended to upgrade to version 11.0.15 or later, 10.1.50 or later or 9.0.113 or later, which fix the issue.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 16.0:tomcat11-11.0.21-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat11-admin-webapps-11.0.21-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat11-doc-11.0.21-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat11-docs-webapp-11.0.21-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat11-el-6_0-api-11.0.21-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat11-embed-11.0.21-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat11-jsp-4_0-api-11.0.21-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat11-jsvc-11.0.21-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat11-lib-11.0.21-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat11-servlet-6_1-api-11.0.21-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat11-webapps-11.0.21-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-11.0.21-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-admin-webapps-11.0.21-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-doc-11.0.21-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-docs-webapp-11.0.21-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-el-6_0-api-11.0.21-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-embed-11.0.21-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-jsp-4_0-api-11.0.21-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-jsvc-11.0.21-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-lib-11.0.21-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-servlet-6_1-api-11.0.21-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-webapps-11.0.21-160000.1.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-66614",
          "url": "https://www.suse.com/security/cve/CVE-2025-66614"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1258371 for CVE-2025-66614",
          "url": "https://bugzilla.suse.com/1258371"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 16.0:tomcat11-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat11-admin-webapps-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat11-doc-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat11-docs-webapp-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat11-el-6_0-api-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat11-embed-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat11-jsp-4_0-api-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat11-jsvc-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat11-lib-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat11-servlet-6_1-api-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat11-webapps-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-admin-webapps-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-doc-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-docs-webapp-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-el-6_0-api-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-embed-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-jsp-4_0-api-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-jsvc-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-lib-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-servlet-6_1-api-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-webapps-11.0.21-160000.1.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Server 16.0:tomcat11-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat11-admin-webapps-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat11-doc-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat11-docs-webapp-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat11-el-6_0-api-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat11-embed-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat11-jsp-4_0-api-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat11-jsvc-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat11-lib-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat11-servlet-6_1-api-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat11-webapps-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-admin-webapps-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-doc-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-docs-webapp-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-el-6_0-api-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-embed-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-jsp-4_0-api-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-jsvc-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-lib-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-servlet-6_1-api-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-webapps-11.0.21-160000.1.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-04-21T11:42:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2025-66614"
    },
    {
      "cve": "CVE-2026-24880",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-24880"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027) vulnerability in Apache Tomcat via invalid chunk extension.\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.18, from 10.1.0-M1 through 10.1.52, from 9.0.0.M1 through 9.0.115, from 8.5.0 through 8.5.100, from 7.0.0 through 7.0.109.\nOther, unsupported versions may also be affected.\n\nUsers are recommended to upgrade to version 11.0.20, 10.1.52 or 9.0.116, which fix the issue.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 16.0:tomcat11-11.0.21-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat11-admin-webapps-11.0.21-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat11-doc-11.0.21-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat11-docs-webapp-11.0.21-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat11-el-6_0-api-11.0.21-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat11-embed-11.0.21-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat11-jsp-4_0-api-11.0.21-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat11-jsvc-11.0.21-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat11-lib-11.0.21-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat11-servlet-6_1-api-11.0.21-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat11-webapps-11.0.21-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-11.0.21-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-admin-webapps-11.0.21-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-doc-11.0.21-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-docs-webapp-11.0.21-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-el-6_0-api-11.0.21-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-embed-11.0.21-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-jsp-4_0-api-11.0.21-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-jsvc-11.0.21-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-lib-11.0.21-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-servlet-6_1-api-11.0.21-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-webapps-11.0.21-160000.1.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-24880",
          "url": "https://www.suse.com/security/cve/CVE-2026-24880"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1261850 for CVE-2026-24880",
          "url": "https://bugzilla.suse.com/1261850"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 16.0:tomcat11-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat11-admin-webapps-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat11-doc-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat11-docs-webapp-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat11-el-6_0-api-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat11-embed-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat11-jsp-4_0-api-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat11-jsvc-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat11-lib-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat11-servlet-6_1-api-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat11-webapps-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-admin-webapps-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-doc-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-docs-webapp-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-el-6_0-api-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-embed-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-jsp-4_0-api-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-jsvc-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-lib-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-servlet-6_1-api-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-webapps-11.0.21-160000.1.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.8,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Server 16.0:tomcat11-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat11-admin-webapps-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat11-doc-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat11-docs-webapp-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat11-el-6_0-api-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat11-embed-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat11-jsp-4_0-api-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat11-jsvc-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat11-lib-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat11-servlet-6_1-api-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat11-webapps-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-admin-webapps-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-doc-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-docs-webapp-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-el-6_0-api-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-embed-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-jsp-4_0-api-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-jsvc-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-lib-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-servlet-6_1-api-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-webapps-11.0.21-160000.1.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-04-21T11:42:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2026-24880"
    },
    {
      "cve": "CVE-2026-25854",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-25854"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Occasional URL redirection to untrusted Site (\u0027Open Redirect\u0027) vulnerability in Apache Tomcat via the LoadBalancerDrainingValve.\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.18, from 10.1.0-M1 through 10.1.52, from 9.0.0.M23 through 9.0.115, from 8.5.30 through 8.5.100.\nOther, unsupported versions may also be affected\n\nUsers are recommended to upgrade to version 11.0.20, 10.1.53 or 9.0.116, which fix the issue.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 16.0:tomcat11-11.0.21-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat11-admin-webapps-11.0.21-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat11-doc-11.0.21-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat11-docs-webapp-11.0.21-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat11-el-6_0-api-11.0.21-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat11-embed-11.0.21-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat11-jsp-4_0-api-11.0.21-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat11-jsvc-11.0.21-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat11-lib-11.0.21-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat11-servlet-6_1-api-11.0.21-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat11-webapps-11.0.21-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-11.0.21-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-admin-webapps-11.0.21-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-doc-11.0.21-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-docs-webapp-11.0.21-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-el-6_0-api-11.0.21-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-embed-11.0.21-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-jsp-4_0-api-11.0.21-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-jsvc-11.0.21-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-lib-11.0.21-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-servlet-6_1-api-11.0.21-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-webapps-11.0.21-160000.1.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-25854",
          "url": "https://www.suse.com/security/cve/CVE-2026-25854"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1261851 for CVE-2026-25854",
          "url": "https://bugzilla.suse.com/1261851"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 16.0:tomcat11-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat11-admin-webapps-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat11-doc-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat11-docs-webapp-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat11-el-6_0-api-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat11-embed-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat11-jsp-4_0-api-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat11-jsvc-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat11-lib-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat11-servlet-6_1-api-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat11-webapps-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-admin-webapps-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-doc-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-docs-webapp-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-el-6_0-api-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-embed-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-jsp-4_0-api-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-jsvc-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-lib-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-servlet-6_1-api-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-webapps-11.0.21-160000.1.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.8,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Server 16.0:tomcat11-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat11-admin-webapps-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat11-doc-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat11-docs-webapp-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat11-el-6_0-api-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat11-embed-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat11-jsp-4_0-api-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat11-jsvc-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat11-lib-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat11-servlet-6_1-api-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat11-webapps-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-admin-webapps-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-doc-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-docs-webapp-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-el-6_0-api-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-embed-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-jsp-4_0-api-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-jsvc-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-lib-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-servlet-6_1-api-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-webapps-11.0.21-160000.1.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-04-21T11:42:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2026-25854"
    },
    {
      "cve": "CVE-2026-29129",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-29129"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Configured cipher preference order not preserved vulnerability in Apache Tomcat.\n\nThis issue affects Apache Tomcat: from 11.0.16 through 11.0.18, from 10.1.51 through 10.1.52, from 9.0.114 through 9.0.115.\n\nUsers are recommended to upgrade to version 11.0.20, 10.1.53 or 9.0.116, which fix the issue.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 16.0:tomcat11-11.0.21-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat11-admin-webapps-11.0.21-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat11-doc-11.0.21-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat11-docs-webapp-11.0.21-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat11-el-6_0-api-11.0.21-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat11-embed-11.0.21-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat11-jsp-4_0-api-11.0.21-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat11-jsvc-11.0.21-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat11-lib-11.0.21-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat11-servlet-6_1-api-11.0.21-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat11-webapps-11.0.21-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-11.0.21-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-admin-webapps-11.0.21-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-doc-11.0.21-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-docs-webapp-11.0.21-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-el-6_0-api-11.0.21-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-embed-11.0.21-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-jsp-4_0-api-11.0.21-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-jsvc-11.0.21-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-lib-11.0.21-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-servlet-6_1-api-11.0.21-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-webapps-11.0.21-160000.1.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-29129",
          "url": "https://www.suse.com/security/cve/CVE-2026-29129"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1261852 for CVE-2026-29129",
          "url": "https://bugzilla.suse.com/1261852"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 16.0:tomcat11-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat11-admin-webapps-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat11-doc-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat11-docs-webapp-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat11-el-6_0-api-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat11-embed-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat11-jsp-4_0-api-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat11-jsvc-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat11-lib-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat11-servlet-6_1-api-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat11-webapps-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-admin-webapps-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-doc-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-docs-webapp-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-el-6_0-api-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-embed-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-jsp-4_0-api-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-jsvc-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-lib-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-servlet-6_1-api-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-webapps-11.0.21-160000.1.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.8,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Server 16.0:tomcat11-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat11-admin-webapps-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat11-doc-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat11-docs-webapp-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat11-el-6_0-api-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat11-embed-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat11-jsp-4_0-api-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat11-jsvc-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat11-lib-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat11-servlet-6_1-api-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat11-webapps-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-admin-webapps-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-doc-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-docs-webapp-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-el-6_0-api-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-embed-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-jsp-4_0-api-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-jsvc-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-lib-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-servlet-6_1-api-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-webapps-11.0.21-160000.1.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-04-21T11:42:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2026-29129"
    },
    {
      "cve": "CVE-2026-29145",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-29145"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "CLIENT_CERT authentication does not fail as expected for some scenarios when soft fail is disabled vulnerability in Apache Tomcat, Apache Tomcat Native.\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.18, from 10.1.0-M7 through 10.1.52, from 9.0.83 through 9.0.115; Apache Tomcat Native: from 1.1.23 through 1.1.34, from 1.2.0 through 1.2.39, from 1.3.0 through 1.3.6, from 2.0.0 through 2.0.13.\n\nUsers are recommended to upgrade to version Tomcat Native 1.3.7 or 2.0.14 and Tomcat 11.0.20, 10.1.53 and 9.0.116, which fix the issue.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 16.0:tomcat11-11.0.21-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat11-admin-webapps-11.0.21-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat11-doc-11.0.21-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat11-docs-webapp-11.0.21-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat11-el-6_0-api-11.0.21-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat11-embed-11.0.21-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat11-jsp-4_0-api-11.0.21-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat11-jsvc-11.0.21-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat11-lib-11.0.21-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat11-servlet-6_1-api-11.0.21-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat11-webapps-11.0.21-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-11.0.21-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-admin-webapps-11.0.21-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-doc-11.0.21-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-docs-webapp-11.0.21-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-el-6_0-api-11.0.21-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-embed-11.0.21-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-jsp-4_0-api-11.0.21-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-jsvc-11.0.21-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-lib-11.0.21-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-servlet-6_1-api-11.0.21-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-webapps-11.0.21-160000.1.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-29145",
          "url": "https://www.suse.com/security/cve/CVE-2026-29145"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1261853 for CVE-2026-29145",
          "url": "https://bugzilla.suse.com/1261853"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 16.0:tomcat11-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat11-admin-webapps-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat11-doc-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat11-docs-webapp-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat11-el-6_0-api-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat11-embed-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat11-jsp-4_0-api-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat11-jsvc-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat11-lib-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat11-servlet-6_1-api-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat11-webapps-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-admin-webapps-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-doc-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-docs-webapp-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-el-6_0-api-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-embed-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-jsp-4_0-api-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-jsvc-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-lib-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-servlet-6_1-api-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-webapps-11.0.21-160000.1.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.8,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Server 16.0:tomcat11-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat11-admin-webapps-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat11-doc-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat11-docs-webapp-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat11-el-6_0-api-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat11-embed-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat11-jsp-4_0-api-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat11-jsvc-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat11-lib-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat11-servlet-6_1-api-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat11-webapps-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-admin-webapps-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-doc-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-docs-webapp-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-el-6_0-api-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-embed-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-jsp-4_0-api-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-jsvc-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-lib-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-servlet-6_1-api-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-webapps-11.0.21-160000.1.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-04-21T11:42:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2026-29145"
    },
    {
      "cve": "CVE-2026-29146",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-29146"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Padding Oracle vulnerability in Apache Tomcat\u0027s EncryptInterceptor with default configuration.\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.18, from 10.0.0-M1 through 10.1.52, from 9.0.13 through 9..115, from 8.5.38 through 8.5.100, from 7.0.100 through 7.0.109.\n\nUsers are recommended to upgrade to version 11.0.19, 10.1.53 and 9.0.116, which fixes the issue.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 16.0:tomcat11-11.0.21-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat11-admin-webapps-11.0.21-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat11-doc-11.0.21-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat11-docs-webapp-11.0.21-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat11-el-6_0-api-11.0.21-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat11-embed-11.0.21-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat11-jsp-4_0-api-11.0.21-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat11-jsvc-11.0.21-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat11-lib-11.0.21-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat11-servlet-6_1-api-11.0.21-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat11-webapps-11.0.21-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-11.0.21-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-admin-webapps-11.0.21-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-doc-11.0.21-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-docs-webapp-11.0.21-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-el-6_0-api-11.0.21-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-embed-11.0.21-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-jsp-4_0-api-11.0.21-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-jsvc-11.0.21-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-lib-11.0.21-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-servlet-6_1-api-11.0.21-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-webapps-11.0.21-160000.1.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-29146",
          "url": "https://www.suse.com/security/cve/CVE-2026-29146"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1261854 for CVE-2026-29146",
          "url": "https://bugzilla.suse.com/1261854"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 16.0:tomcat11-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat11-admin-webapps-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat11-doc-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat11-docs-webapp-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat11-el-6_0-api-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat11-embed-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat11-jsp-4_0-api-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat11-jsvc-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat11-lib-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat11-servlet-6_1-api-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat11-webapps-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-admin-webapps-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-doc-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-docs-webapp-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-el-6_0-api-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-embed-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-jsp-4_0-api-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-jsvc-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-lib-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-servlet-6_1-api-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-webapps-11.0.21-160000.1.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Server 16.0:tomcat11-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat11-admin-webapps-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat11-doc-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat11-docs-webapp-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat11-el-6_0-api-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat11-embed-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat11-jsp-4_0-api-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat11-jsvc-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat11-lib-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat11-servlet-6_1-api-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat11-webapps-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-admin-webapps-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-doc-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-docs-webapp-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-el-6_0-api-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-embed-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-jsp-4_0-api-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-jsvc-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-lib-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-servlet-6_1-api-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-webapps-11.0.21-160000.1.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-04-21T11:42:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2026-29146"
    },
    {
      "cve": "CVE-2026-32990",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-32990"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Improper Input Validation vulnerability in Apache Tomcat due to an incomplete fix of CVE-2025-66614.\n\nThis issue affects Apache Tomcat: from 11.0.15 through 11.0.19, from 10.1.50 through 10.1.52, from 9.0.113 through 9.0.115.\n\nUsers are recommended to upgrade to version 11.0.20, 10.1.53 or 9.0.116, which fix the issue.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 16.0:tomcat11-11.0.21-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat11-admin-webapps-11.0.21-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat11-doc-11.0.21-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat11-docs-webapp-11.0.21-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat11-el-6_0-api-11.0.21-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat11-embed-11.0.21-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat11-jsp-4_0-api-11.0.21-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat11-jsvc-11.0.21-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat11-lib-11.0.21-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat11-servlet-6_1-api-11.0.21-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat11-webapps-11.0.21-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-11.0.21-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-admin-webapps-11.0.21-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-doc-11.0.21-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-docs-webapp-11.0.21-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-el-6_0-api-11.0.21-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-embed-11.0.21-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-jsp-4_0-api-11.0.21-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-jsvc-11.0.21-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-lib-11.0.21-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-servlet-6_1-api-11.0.21-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-webapps-11.0.21-160000.1.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-32990",
          "url": "https://www.suse.com/security/cve/CVE-2026-32990"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1258371 for CVE-2026-32990",
          "url": "https://bugzilla.suse.com/1258371"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 16.0:tomcat11-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat11-admin-webapps-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat11-doc-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat11-docs-webapp-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat11-el-6_0-api-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat11-embed-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat11-jsp-4_0-api-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat11-jsvc-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat11-lib-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat11-servlet-6_1-api-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat11-webapps-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-admin-webapps-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-doc-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-docs-webapp-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-el-6_0-api-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-embed-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-jsp-4_0-api-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-jsvc-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-lib-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-servlet-6_1-api-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-webapps-11.0.21-160000.1.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-04-21T11:42:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2026-32990"
    },
    {
      "cve": "CVE-2026-34483",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-34483"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Improper Encoding or Escaping of Output vulnerability in the JsonAccessLogValve component of Apache Tomcat.\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.20, from 10.1.0-M1 through 10.1.53, from 9.0.40 through 9.0.116.\n\nUsers are recommended to upgrade to version 11.0.21, 10.1.54 or 9.0.117 , which fix the issue.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 16.0:tomcat11-11.0.21-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat11-admin-webapps-11.0.21-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat11-doc-11.0.21-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat11-docs-webapp-11.0.21-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat11-el-6_0-api-11.0.21-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat11-embed-11.0.21-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat11-jsp-4_0-api-11.0.21-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat11-jsvc-11.0.21-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat11-lib-11.0.21-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat11-servlet-6_1-api-11.0.21-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat11-webapps-11.0.21-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-11.0.21-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-admin-webapps-11.0.21-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-doc-11.0.21-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-docs-webapp-11.0.21-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-el-6_0-api-11.0.21-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-embed-11.0.21-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-jsp-4_0-api-11.0.21-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-jsvc-11.0.21-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-lib-11.0.21-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-servlet-6_1-api-11.0.21-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-webapps-11.0.21-160000.1.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-34483",
          "url": "https://www.suse.com/security/cve/CVE-2026-34483"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1261855 for CVE-2026-34483",
          "url": "https://bugzilla.suse.com/1261855"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 16.0:tomcat11-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat11-admin-webapps-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat11-doc-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat11-docs-webapp-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat11-el-6_0-api-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat11-embed-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat11-jsp-4_0-api-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat11-jsvc-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat11-lib-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat11-servlet-6_1-api-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat11-webapps-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-admin-webapps-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-doc-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-docs-webapp-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-el-6_0-api-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-embed-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-jsp-4_0-api-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-jsvc-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-lib-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-servlet-6_1-api-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-webapps-11.0.21-160000.1.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.8,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Server 16.0:tomcat11-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat11-admin-webapps-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat11-doc-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat11-docs-webapp-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat11-el-6_0-api-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat11-embed-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat11-jsp-4_0-api-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat11-jsvc-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat11-lib-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat11-servlet-6_1-api-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat11-webapps-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-admin-webapps-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-doc-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-docs-webapp-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-el-6_0-api-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-embed-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-jsp-4_0-api-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-jsvc-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-lib-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-servlet-6_1-api-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-webapps-11.0.21-160000.1.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-04-21T11:42:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2026-34483"
    },
    {
      "cve": "CVE-2026-34486",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-34486"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Missing Encryption of Sensitive Data vulnerability in Apache Tomcat due to the  fix for CVE-2026-29146 allowing the bypass of the EncryptInterceptor.\n\nThis issue affects Apache Tomcat: 11.0.20, 10.1.53, 9.0.116.\n\nUsers are recommended to upgrade to version 11.0.21, 10.1.54 or 9.0.117, which fix the issue.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 16.0:tomcat11-11.0.21-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat11-admin-webapps-11.0.21-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat11-doc-11.0.21-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat11-docs-webapp-11.0.21-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat11-el-6_0-api-11.0.21-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat11-embed-11.0.21-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat11-jsp-4_0-api-11.0.21-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat11-jsvc-11.0.21-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat11-lib-11.0.21-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat11-servlet-6_1-api-11.0.21-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat11-webapps-11.0.21-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-11.0.21-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-admin-webapps-11.0.21-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-doc-11.0.21-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-docs-webapp-11.0.21-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-el-6_0-api-11.0.21-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-embed-11.0.21-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-jsp-4_0-api-11.0.21-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-jsvc-11.0.21-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-lib-11.0.21-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-servlet-6_1-api-11.0.21-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-webapps-11.0.21-160000.1.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-34486",
          "url": "https://www.suse.com/security/cve/CVE-2026-34486"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1261854 for CVE-2026-34486",
          "url": "https://bugzilla.suse.com/1261854"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 16.0:tomcat11-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat11-admin-webapps-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat11-doc-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat11-docs-webapp-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat11-el-6_0-api-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat11-embed-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat11-jsp-4_0-api-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat11-jsvc-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat11-lib-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat11-servlet-6_1-api-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat11-webapps-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-admin-webapps-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-doc-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-docs-webapp-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-el-6_0-api-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-embed-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-jsp-4_0-api-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-jsvc-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-lib-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-servlet-6_1-api-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-webapps-11.0.21-160000.1.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Server 16.0:tomcat11-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat11-admin-webapps-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat11-doc-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat11-docs-webapp-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat11-el-6_0-api-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat11-embed-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat11-jsp-4_0-api-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat11-jsvc-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat11-lib-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat11-servlet-6_1-api-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat11-webapps-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-admin-webapps-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-doc-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-docs-webapp-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-el-6_0-api-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-embed-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-jsp-4_0-api-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-jsvc-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-lib-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-servlet-6_1-api-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-webapps-11.0.21-160000.1.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-04-21T11:42:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2026-34486"
    },
    {
      "cve": "CVE-2026-34487",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-34487"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Insertion of Sensitive Information into Log File vulnerability in the cloud membership for clustering component of Apache Tomcat exposed the Kubernetes bearer token.\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.20, from 10.1.0-M1 through 10.1.53, from 9.0.13 through 9.0.116.\n\nUsers are recommended to upgrade to version 11.0.21, 10.1.54 or 9.0.117, which fix the issue.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 16.0:tomcat11-11.0.21-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat11-admin-webapps-11.0.21-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat11-doc-11.0.21-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat11-docs-webapp-11.0.21-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat11-el-6_0-api-11.0.21-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat11-embed-11.0.21-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat11-jsp-4_0-api-11.0.21-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat11-jsvc-11.0.21-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat11-lib-11.0.21-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat11-servlet-6_1-api-11.0.21-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat11-webapps-11.0.21-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-11.0.21-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-admin-webapps-11.0.21-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-doc-11.0.21-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-docs-webapp-11.0.21-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-el-6_0-api-11.0.21-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-embed-11.0.21-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-jsp-4_0-api-11.0.21-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-jsvc-11.0.21-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-lib-11.0.21-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-servlet-6_1-api-11.0.21-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-webapps-11.0.21-160000.1.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-34487",
          "url": "https://www.suse.com/security/cve/CVE-2026-34487"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1261856 for CVE-2026-34487",
          "url": "https://bugzilla.suse.com/1261856"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 16.0:tomcat11-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat11-admin-webapps-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat11-doc-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat11-docs-webapp-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat11-el-6_0-api-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat11-embed-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat11-jsp-4_0-api-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat11-jsvc-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat11-lib-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat11-servlet-6_1-api-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat11-webapps-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-admin-webapps-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-doc-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-docs-webapp-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-el-6_0-api-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-embed-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-jsp-4_0-api-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-jsvc-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-lib-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-servlet-6_1-api-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-webapps-11.0.21-160000.1.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Server 16.0:tomcat11-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat11-admin-webapps-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat11-doc-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat11-docs-webapp-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat11-el-6_0-api-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat11-embed-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat11-jsp-4_0-api-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat11-jsvc-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat11-lib-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat11-servlet-6_1-api-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat11-webapps-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-admin-webapps-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-doc-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-docs-webapp-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-el-6_0-api-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-embed-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-jsp-4_0-api-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-jsvc-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-lib-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-servlet-6_1-api-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-webapps-11.0.21-160000.1.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-04-21T11:42:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2026-34487"
    },
    {
      "cve": "CVE-2026-34500",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-34500"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "CLIENT_CERT authentication does not fail as expected for some scenarios when soft fail is disabled and FFM is used in Apache Tomcat.\n\nThis issue affects Apache Tomcat: from 11.0.0-M14 through 11.0.20, from 10.1.22 through 10.1.53, from 9.0.92 through 9.0.116.\n\nUsers are recommended to upgrade to version 11.0.21, 10.1.54 or 9.0.117, which fixes the issue.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 16.0:tomcat11-11.0.21-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat11-admin-webapps-11.0.21-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat11-doc-11.0.21-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat11-docs-webapp-11.0.21-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat11-el-6_0-api-11.0.21-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat11-embed-11.0.21-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat11-jsp-4_0-api-11.0.21-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat11-jsvc-11.0.21-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat11-lib-11.0.21-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat11-servlet-6_1-api-11.0.21-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat11-webapps-11.0.21-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-11.0.21-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-admin-webapps-11.0.21-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-doc-11.0.21-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-docs-webapp-11.0.21-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-el-6_0-api-11.0.21-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-embed-11.0.21-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-jsp-4_0-api-11.0.21-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-jsvc-11.0.21-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-lib-11.0.21-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-servlet-6_1-api-11.0.21-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-webapps-11.0.21-160000.1.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-34500",
          "url": "https://www.suse.com/security/cve/CVE-2026-34500"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1261857 for CVE-2026-34500",
          "url": "https://bugzilla.suse.com/1261857"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 16.0:tomcat11-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat11-admin-webapps-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat11-doc-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat11-docs-webapp-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat11-el-6_0-api-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat11-embed-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat11-jsp-4_0-api-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat11-jsvc-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat11-lib-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat11-servlet-6_1-api-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat11-webapps-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-admin-webapps-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-doc-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-docs-webapp-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-el-6_0-api-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-embed-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-jsp-4_0-api-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-jsvc-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-lib-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-servlet-6_1-api-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-webapps-11.0.21-160000.1.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.8,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Server 16.0:tomcat11-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat11-admin-webapps-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat11-doc-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat11-docs-webapp-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat11-el-6_0-api-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat11-embed-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat11-jsp-4_0-api-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat11-jsvc-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat11-lib-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat11-servlet-6_1-api-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat11-webapps-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-admin-webapps-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-doc-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-docs-webapp-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-el-6_0-api-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-embed-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-jsp-4_0-api-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-jsvc-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-lib-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-servlet-6_1-api-11.0.21-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat11-webapps-11.0.21-160000.1.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-04-21T11:42:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2026-34500"
    }
  ]
}

SUSE-SU-2026:21378-1

Vulnerability from csaf_suse - Published: 2026-04-22 11:07 - Updated: 2026-04-22 11:07

Summary

Security update for tomcat

Severity

Important

Notes

Title of the patch: Security update for tomcat

Description of the patch: This update for tomcat fixes the following issues: - CVE-2026-24880: Request smuggling via invalid chunk extension (bsc#1261850). - CVE-2026-25854: Occasionally open redirect (bsc#1261851). - CVE-2026-29129: TLS cipher order is not preserved (bsc#1261852). - CVE-2026-29145: OCSP checks sometimes soft-fail even when soft-fail is disabled (bsc#1261853). - CVE-2026-29146,CVE-2026-34486: Fix for allowed bypass of EncryptInterceptor (bsc#1261854). - CVE-2026-34483: Incomplete escaping of JSON access logs (bsc#1261855). - CVE-2026-34487: Cloud membership for clustering component exposed the Kubernetes bearer token (bsc#1261856). - CVE-2026-34500: OCSP checks sometimes soft-fail with FFM even when soft-fail is disabled (bsc#1261857). - CVE-2026-32990: The fix for CVE-2025-66614 was incomplete. (bsc#1258371)

Patchnames: SUSE-SLES-16.0-623

CVE-2025-66614

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Affected products

Recommended 22 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat-9.0.117-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat-admin-webapps-9.0.117-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat-docs-webapp-9.0.117-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat-el-3_0-api-9.0.117-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat-embed-9.0.117-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat-javadoc-9.0.117-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat-jsp-2_3-api-9.0.117-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat-jsvc-9.0.117-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat-lib-9.0.117-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat-servlet-4_0-api-9.0.117-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat-webapps-9.0.117-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-9.0.117-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-admin-webapps-9.0.117-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-docs-webapp-9.0.117-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-el-3_0-api-9.0.117-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-embed-9.0.117-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-javadoc-9.0.117-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-jsp-2_3-api-9.0.117-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-jsvc-9.0.117-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-lib-9.0.117-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-servlet-4_0-api-9.0.117-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-webapps-9.0.117-160000.1.1.noarch	—	Vendor Fix

Threats

Impact important

CVE-2026-24880

4.8 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

Affected products

Recommended 22 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat-9.0.117-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat-admin-webapps-9.0.117-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat-docs-webapp-9.0.117-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat-el-3_0-api-9.0.117-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat-embed-9.0.117-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat-javadoc-9.0.117-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat-jsp-2_3-api-9.0.117-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat-jsvc-9.0.117-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat-lib-9.0.117-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat-servlet-4_0-api-9.0.117-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat-webapps-9.0.117-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-9.0.117-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-admin-webapps-9.0.117-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-docs-webapp-9.0.117-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-el-3_0-api-9.0.117-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-embed-9.0.117-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-javadoc-9.0.117-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-jsp-2_3-api-9.0.117-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-jsvc-9.0.117-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-lib-9.0.117-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-servlet-4_0-api-9.0.117-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-webapps-9.0.117-160000.1.1.noarch	—	Vendor Fix

Threats

Impact moderate

CVE-2026-25854

4.8 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

Affected products

Recommended 22 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat-9.0.117-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat-admin-webapps-9.0.117-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat-docs-webapp-9.0.117-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat-el-3_0-api-9.0.117-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat-embed-9.0.117-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat-javadoc-9.0.117-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat-jsp-2_3-api-9.0.117-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat-jsvc-9.0.117-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat-lib-9.0.117-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat-servlet-4_0-api-9.0.117-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat-webapps-9.0.117-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-9.0.117-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-admin-webapps-9.0.117-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-docs-webapp-9.0.117-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-el-3_0-api-9.0.117-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-embed-9.0.117-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-javadoc-9.0.117-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-jsp-2_3-api-9.0.117-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-jsvc-9.0.117-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-lib-9.0.117-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-servlet-4_0-api-9.0.117-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-webapps-9.0.117-160000.1.1.noarch	—	Vendor Fix

Threats

Impact moderate

CVE-2026-29129

4.8 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

Affected products

Recommended 22 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat-9.0.117-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat-admin-webapps-9.0.117-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat-docs-webapp-9.0.117-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat-el-3_0-api-9.0.117-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat-embed-9.0.117-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat-javadoc-9.0.117-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat-jsp-2_3-api-9.0.117-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat-jsvc-9.0.117-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat-lib-9.0.117-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat-servlet-4_0-api-9.0.117-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat-webapps-9.0.117-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-9.0.117-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-admin-webapps-9.0.117-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-docs-webapp-9.0.117-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-el-3_0-api-9.0.117-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-embed-9.0.117-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-javadoc-9.0.117-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-jsp-2_3-api-9.0.117-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-jsvc-9.0.117-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-lib-9.0.117-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-servlet-4_0-api-9.0.117-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-webapps-9.0.117-160000.1.1.noarch	—	Vendor Fix

Threats

Impact moderate

CVE-2026-29145

4.8 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

Affected products

Recommended 22 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat-9.0.117-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat-admin-webapps-9.0.117-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat-docs-webapp-9.0.117-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat-el-3_0-api-9.0.117-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat-embed-9.0.117-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat-javadoc-9.0.117-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat-jsp-2_3-api-9.0.117-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat-jsvc-9.0.117-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat-lib-9.0.117-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat-servlet-4_0-api-9.0.117-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat-webapps-9.0.117-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-9.0.117-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-admin-webapps-9.0.117-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-docs-webapp-9.0.117-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-el-3_0-api-9.0.117-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-embed-9.0.117-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-javadoc-9.0.117-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-jsp-2_3-api-9.0.117-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-jsvc-9.0.117-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-lib-9.0.117-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-servlet-4_0-api-9.0.117-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-webapps-9.0.117-160000.1.1.noarch	—	Vendor Fix

Threats

Impact moderate

CVE-2026-29146

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Affected products

Recommended 22 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat-9.0.117-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat-admin-webapps-9.0.117-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat-docs-webapp-9.0.117-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat-el-3_0-api-9.0.117-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat-embed-9.0.117-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat-javadoc-9.0.117-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat-jsp-2_3-api-9.0.117-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat-jsvc-9.0.117-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat-lib-9.0.117-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat-servlet-4_0-api-9.0.117-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat-webapps-9.0.117-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-9.0.117-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-admin-webapps-9.0.117-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-docs-webapp-9.0.117-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-el-3_0-api-9.0.117-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-embed-9.0.117-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-javadoc-9.0.117-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-jsp-2_3-api-9.0.117-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-jsvc-9.0.117-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-lib-9.0.117-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-servlet-4_0-api-9.0.117-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-webapps-9.0.117-160000.1.1.noarch	—	Vendor Fix

Threats

Impact important

CVE-2026-32990

Affected products

Recommended 22 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat-9.0.117-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat-admin-webapps-9.0.117-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat-docs-webapp-9.0.117-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat-el-3_0-api-9.0.117-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat-embed-9.0.117-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat-javadoc-9.0.117-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat-jsp-2_3-api-9.0.117-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat-jsvc-9.0.117-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat-lib-9.0.117-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat-servlet-4_0-api-9.0.117-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat-webapps-9.0.117-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-9.0.117-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-admin-webapps-9.0.117-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-docs-webapp-9.0.117-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-el-3_0-api-9.0.117-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-embed-9.0.117-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-javadoc-9.0.117-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-jsp-2_3-api-9.0.117-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-jsvc-9.0.117-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-lib-9.0.117-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-servlet-4_0-api-9.0.117-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-webapps-9.0.117-160000.1.1.noarch	—	Vendor Fix

Threats

Impact important

CVE-2026-34483

4.8 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

Affected products

Recommended 22 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat-9.0.117-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat-admin-webapps-9.0.117-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat-docs-webapp-9.0.117-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat-el-3_0-api-9.0.117-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat-embed-9.0.117-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat-javadoc-9.0.117-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat-jsp-2_3-api-9.0.117-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat-jsvc-9.0.117-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat-lib-9.0.117-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat-servlet-4_0-api-9.0.117-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat-webapps-9.0.117-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-9.0.117-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-admin-webapps-9.0.117-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-docs-webapp-9.0.117-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-el-3_0-api-9.0.117-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-embed-9.0.117-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-javadoc-9.0.117-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-jsp-2_3-api-9.0.117-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-jsvc-9.0.117-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-lib-9.0.117-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-servlet-4_0-api-9.0.117-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-webapps-9.0.117-160000.1.1.noarch	—	Vendor Fix

Threats

Impact moderate

CVE-2026-34486

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Affected products

Recommended 22 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat-9.0.117-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat-admin-webapps-9.0.117-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat-docs-webapp-9.0.117-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat-el-3_0-api-9.0.117-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat-embed-9.0.117-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat-javadoc-9.0.117-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat-jsp-2_3-api-9.0.117-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat-jsvc-9.0.117-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat-lib-9.0.117-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat-servlet-4_0-api-9.0.117-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat-webapps-9.0.117-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-9.0.117-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-admin-webapps-9.0.117-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-docs-webapp-9.0.117-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-el-3_0-api-9.0.117-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-embed-9.0.117-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-javadoc-9.0.117-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-jsp-2_3-api-9.0.117-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-jsvc-9.0.117-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-lib-9.0.117-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-servlet-4_0-api-9.0.117-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-webapps-9.0.117-160000.1.1.noarch	—	Vendor Fix

Threats

Impact important

CVE-2026-34487

5.9 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Affected products

Recommended 22 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat-9.0.117-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat-admin-webapps-9.0.117-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat-docs-webapp-9.0.117-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat-el-3_0-api-9.0.117-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat-embed-9.0.117-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat-javadoc-9.0.117-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat-jsp-2_3-api-9.0.117-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat-jsvc-9.0.117-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat-lib-9.0.117-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat-servlet-4_0-api-9.0.117-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat-webapps-9.0.117-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-9.0.117-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-admin-webapps-9.0.117-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-docs-webapp-9.0.117-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-el-3_0-api-9.0.117-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-embed-9.0.117-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-javadoc-9.0.117-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-jsp-2_3-api-9.0.117-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-jsvc-9.0.117-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-lib-9.0.117-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-servlet-4_0-api-9.0.117-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-webapps-9.0.117-160000.1.1.noarch	—	Vendor Fix

Threats

Impact moderate

CVE-2026-34500

4.8 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

Affected products

Recommended 22 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat-9.0.117-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat-admin-webapps-9.0.117-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat-docs-webapp-9.0.117-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat-el-3_0-api-9.0.117-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat-embed-9.0.117-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat-javadoc-9.0.117-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat-jsp-2_3-api-9.0.117-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat-jsvc-9.0.117-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat-lib-9.0.117-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat-servlet-4_0-api-9.0.117-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat-webapps-9.0.117-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-9.0.117-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-admin-webapps-9.0.117-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-docs-webapp-9.0.117-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-el-3_0-api-9.0.117-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-embed-9.0.117-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-javadoc-9.0.117-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-jsp-2_3-api-9.0.117-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-jsvc-9.0.117-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-lib-9.0.117-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-servlet-4_0-api-9.0.117-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-webapps-9.0.117-160000.1.1.noarch	—	Vendor Fix

Threats

Impact moderate

References

46 references

URL	Category
https://www.suse.com/support/security/rating/	external
https://ftp.suse.com/pub/projects/security/csaf/s…	self
https://www.suse.com/support/update/announcement/…	self
https://lists.suse.com/pipermail/sle-updates/2026…	self
https://bugzilla.suse.com/1258371	self
https://bugzilla.suse.com/1261850	self
https://bugzilla.suse.com/1261851	self
https://bugzilla.suse.com/1261852	self
https://bugzilla.suse.com/1261853	self
https://bugzilla.suse.com/1261854	self
https://bugzilla.suse.com/1261855	self
https://bugzilla.suse.com/1261856	self
https://bugzilla.suse.com/1261857	self
https://www.suse.com/security/cve/CVE-2025-66614/	self
https://www.suse.com/security/cve/CVE-2026-24880/	self
https://www.suse.com/security/cve/CVE-2026-25854/	self
https://www.suse.com/security/cve/CVE-2026-29129/	self
https://www.suse.com/security/cve/CVE-2026-29145/	self
https://www.suse.com/security/cve/CVE-2026-29146/	self
https://www.suse.com/security/cve/CVE-2026-32990/	self
https://www.suse.com/security/cve/CVE-2026-34483/	self
https://www.suse.com/security/cve/CVE-2026-34486/	self
https://www.suse.com/security/cve/CVE-2026-34487/	self
https://www.suse.com/security/cve/CVE-2026-34500/	self
https://www.suse.com/security/cve/CVE-2025-66614	external
https://bugzilla.suse.com/1258371	external
https://www.suse.com/security/cve/CVE-2026-24880	external
https://bugzilla.suse.com/1261850	external
https://www.suse.com/security/cve/CVE-2026-25854	external
https://bugzilla.suse.com/1261851	external
https://www.suse.com/security/cve/CVE-2026-29129	external
https://bugzilla.suse.com/1261852	external
https://www.suse.com/security/cve/CVE-2026-29145	external
https://bugzilla.suse.com/1261853	external
https://www.suse.com/security/cve/CVE-2026-29146	external
https://bugzilla.suse.com/1261854	external
https://www.suse.com/security/cve/CVE-2026-32990	external
https://bugzilla.suse.com/1258371	external
https://www.suse.com/security/cve/CVE-2026-34483	external
https://bugzilla.suse.com/1261855	external
https://www.suse.com/security/cve/CVE-2026-34486	external
https://bugzilla.suse.com/1261854	external
https://www.suse.com/security/cve/CVE-2026-34487	external
https://bugzilla.suse.com/1261856	external
https://www.suse.com/security/cve/CVE-2026-34500	external
https://bugzilla.suse.com/1261857	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for tomcat",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "This update for tomcat fixes the following issues:\n\n- CVE-2026-24880: Request smuggling via invalid chunk extension (bsc#1261850).\n- CVE-2026-25854: Occasionally open redirect (bsc#1261851).\n- CVE-2026-29129: TLS cipher order is not preserved (bsc#1261852).\n- CVE-2026-29145: OCSP checks sometimes soft-fail even when soft-fail is disabled (bsc#1261853).\n- CVE-2026-29146,CVE-2026-34486: Fix for allowed bypass of EncryptInterceptor (bsc#1261854).\n- CVE-2026-34483: Incomplete escaping of JSON access logs (bsc#1261855).\n- CVE-2026-34487: Cloud membership for clustering component exposed the Kubernetes bearer token (bsc#1261856).\n- CVE-2026-34500: OCSP checks sometimes soft-fail with FFM even when soft-fail is disabled (bsc#1261857).\n- CVE-2026-32990: The fix for CVE-2025-66614 was incomplete. (bsc#1258371)\n",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "SUSE-SLES-16.0-623",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_21378-1.json"
      },
      {
        "category": "self",
        "summary": "URL for SUSE-SU-2026:21378-1",
        "url": "https://www.suse.com/support/update/announcement/2026/suse-su-202621378-1/"
      },
      {
        "category": "self",
        "summary": "E-Mail link for SUSE-SU-2026:21378-1",
        "url": "https://lists.suse.com/pipermail/sle-updates/2026-April/046063.html"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1258371",
        "url": "https://bugzilla.suse.com/1258371"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1261850",
        "url": "https://bugzilla.suse.com/1261850"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1261851",
        "url": "https://bugzilla.suse.com/1261851"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1261852",
        "url": "https://bugzilla.suse.com/1261852"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1261853",
        "url": "https://bugzilla.suse.com/1261853"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1261854",
        "url": "https://bugzilla.suse.com/1261854"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1261855",
        "url": "https://bugzilla.suse.com/1261855"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1261856",
        "url": "https://bugzilla.suse.com/1261856"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1261857",
        "url": "https://bugzilla.suse.com/1261857"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-66614 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-66614/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-24880 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-24880/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-25854 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-25854/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-29129 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-29129/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-29145 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-29145/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-29146 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-29146/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-32990 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-32990/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-34483 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-34483/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-34486 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-34486/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-34487 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-34487/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-34500 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-34500/"
      }
    ],
    "title": "Security update for tomcat",
    "tracking": {
      "current_release_date": "2026-04-22T11:07:06Z",
      "generator": {
        "date": "2026-04-22T11:07:06Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "SUSE-SU-2026:21378-1",
      "initial_release_date": "2026-04-22T11:07:06Z",
      "revision_history": [
        {
          "date": "2026-04-22T11:07:06Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "tomcat-9.0.117-160000.1.1.noarch",
                "product": {
                  "name": "tomcat-9.0.117-160000.1.1.noarch",
                  "product_id": "tomcat-9.0.117-160000.1.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "tomcat-admin-webapps-9.0.117-160000.1.1.noarch",
                "product": {
                  "name": "tomcat-admin-webapps-9.0.117-160000.1.1.noarch",
                  "product_id": "tomcat-admin-webapps-9.0.117-160000.1.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "tomcat-docs-webapp-9.0.117-160000.1.1.noarch",
                "product": {
                  "name": "tomcat-docs-webapp-9.0.117-160000.1.1.noarch",
                  "product_id": "tomcat-docs-webapp-9.0.117-160000.1.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "tomcat-el-3_0-api-9.0.117-160000.1.1.noarch",
                "product": {
                  "name": "tomcat-el-3_0-api-9.0.117-160000.1.1.noarch",
                  "product_id": "tomcat-el-3_0-api-9.0.117-160000.1.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "tomcat-embed-9.0.117-160000.1.1.noarch",
                "product": {
                  "name": "tomcat-embed-9.0.117-160000.1.1.noarch",
                  "product_id": "tomcat-embed-9.0.117-160000.1.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "tomcat-javadoc-9.0.117-160000.1.1.noarch",
                "product": {
                  "name": "tomcat-javadoc-9.0.117-160000.1.1.noarch",
                  "product_id": "tomcat-javadoc-9.0.117-160000.1.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "tomcat-jsp-2_3-api-9.0.117-160000.1.1.noarch",
                "product": {
                  "name": "tomcat-jsp-2_3-api-9.0.117-160000.1.1.noarch",
                  "product_id": "tomcat-jsp-2_3-api-9.0.117-160000.1.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "tomcat-jsvc-9.0.117-160000.1.1.noarch",
                "product": {
                  "name": "tomcat-jsvc-9.0.117-160000.1.1.noarch",
                  "product_id": "tomcat-jsvc-9.0.117-160000.1.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "tomcat-lib-9.0.117-160000.1.1.noarch",
                "product": {
                  "name": "tomcat-lib-9.0.117-160000.1.1.noarch",
                  "product_id": "tomcat-lib-9.0.117-160000.1.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "tomcat-servlet-4_0-api-9.0.117-160000.1.1.noarch",
                "product": {
                  "name": "tomcat-servlet-4_0-api-9.0.117-160000.1.1.noarch",
                  "product_id": "tomcat-servlet-4_0-api-9.0.117-160000.1.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "tomcat-webapps-9.0.117-160000.1.1.noarch",
                "product": {
                  "name": "tomcat-webapps-9.0.117-160000.1.1.noarch",
                  "product_id": "tomcat-webapps-9.0.117-160000.1.1.noarch"
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server 16.0",
                "product": {
                  "name": "SUSE Linux Enterprise Server 16.0",
                  "product_id": "SUSE Linux Enterprise Server 16.0",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sles:16:16.0:server"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server for SAP applications 16.0",
                "product": {
                  "name": "SUSE Linux Enterprise Server for SAP applications 16.0",
                  "product_id": "SUSE Linux Enterprise Server for SAP applications 16.0",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sles:16:16.0:server-sap"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat-9.0.117-160000.1.1.noarch as component of SUSE Linux Enterprise Server 16.0",
          "product_id": "SUSE Linux Enterprise Server 16.0:tomcat-9.0.117-160000.1.1.noarch"
        },
        "product_reference": "tomcat-9.0.117-160000.1.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat-admin-webapps-9.0.117-160000.1.1.noarch as component of SUSE Linux Enterprise Server 16.0",
          "product_id": "SUSE Linux Enterprise Server 16.0:tomcat-admin-webapps-9.0.117-160000.1.1.noarch"
        },
        "product_reference": "tomcat-admin-webapps-9.0.117-160000.1.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat-docs-webapp-9.0.117-160000.1.1.noarch as component of SUSE Linux Enterprise Server 16.0",
          "product_id": "SUSE Linux Enterprise Server 16.0:tomcat-docs-webapp-9.0.117-160000.1.1.noarch"
        },
        "product_reference": "tomcat-docs-webapp-9.0.117-160000.1.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat-el-3_0-api-9.0.117-160000.1.1.noarch as component of SUSE Linux Enterprise Server 16.0",
          "product_id": "SUSE Linux Enterprise Server 16.0:tomcat-el-3_0-api-9.0.117-160000.1.1.noarch"
        },
        "product_reference": "tomcat-el-3_0-api-9.0.117-160000.1.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat-embed-9.0.117-160000.1.1.noarch as component of SUSE Linux Enterprise Server 16.0",
          "product_id": "SUSE Linux Enterprise Server 16.0:tomcat-embed-9.0.117-160000.1.1.noarch"
        },
        "product_reference": "tomcat-embed-9.0.117-160000.1.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat-javadoc-9.0.117-160000.1.1.noarch as component of SUSE Linux Enterprise Server 16.0",
          "product_id": "SUSE Linux Enterprise Server 16.0:tomcat-javadoc-9.0.117-160000.1.1.noarch"
        },
        "product_reference": "tomcat-javadoc-9.0.117-160000.1.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat-jsp-2_3-api-9.0.117-160000.1.1.noarch as component of SUSE Linux Enterprise Server 16.0",
          "product_id": "SUSE Linux Enterprise Server 16.0:tomcat-jsp-2_3-api-9.0.117-160000.1.1.noarch"
        },
        "product_reference": "tomcat-jsp-2_3-api-9.0.117-160000.1.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat-jsvc-9.0.117-160000.1.1.noarch as component of SUSE Linux Enterprise Server 16.0",
          "product_id": "SUSE Linux Enterprise Server 16.0:tomcat-jsvc-9.0.117-160000.1.1.noarch"
        },
        "product_reference": "tomcat-jsvc-9.0.117-160000.1.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat-lib-9.0.117-160000.1.1.noarch as component of SUSE Linux Enterprise Server 16.0",
          "product_id": "SUSE Linux Enterprise Server 16.0:tomcat-lib-9.0.117-160000.1.1.noarch"
        },
        "product_reference": "tomcat-lib-9.0.117-160000.1.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat-servlet-4_0-api-9.0.117-160000.1.1.noarch as component of SUSE Linux Enterprise Server 16.0",
          "product_id": "SUSE Linux Enterprise Server 16.0:tomcat-servlet-4_0-api-9.0.117-160000.1.1.noarch"
        },
        "product_reference": "tomcat-servlet-4_0-api-9.0.117-160000.1.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat-webapps-9.0.117-160000.1.1.noarch as component of SUSE Linux Enterprise Server 16.0",
          "product_id": "SUSE Linux Enterprise Server 16.0:tomcat-webapps-9.0.117-160000.1.1.noarch"
        },
        "product_reference": "tomcat-webapps-9.0.117-160000.1.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat-9.0.117-160000.1.1.noarch as component of SUSE Linux Enterprise Server for SAP applications 16.0",
          "product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-9.0.117-160000.1.1.noarch"
        },
        "product_reference": "tomcat-9.0.117-160000.1.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat-admin-webapps-9.0.117-160000.1.1.noarch as component of SUSE Linux Enterprise Server for SAP applications 16.0",
          "product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-admin-webapps-9.0.117-160000.1.1.noarch"
        },
        "product_reference": "tomcat-admin-webapps-9.0.117-160000.1.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat-docs-webapp-9.0.117-160000.1.1.noarch as component of SUSE Linux Enterprise Server for SAP applications 16.0",
          "product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-docs-webapp-9.0.117-160000.1.1.noarch"
        },
        "product_reference": "tomcat-docs-webapp-9.0.117-160000.1.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat-el-3_0-api-9.0.117-160000.1.1.noarch as component of SUSE Linux Enterprise Server for SAP applications 16.0",
          "product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-el-3_0-api-9.0.117-160000.1.1.noarch"
        },
        "product_reference": "tomcat-el-3_0-api-9.0.117-160000.1.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat-embed-9.0.117-160000.1.1.noarch as component of SUSE Linux Enterprise Server for SAP applications 16.0",
          "product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-embed-9.0.117-160000.1.1.noarch"
        },
        "product_reference": "tomcat-embed-9.0.117-160000.1.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat-javadoc-9.0.117-160000.1.1.noarch as component of SUSE Linux Enterprise Server for SAP applications 16.0",
          "product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-javadoc-9.0.117-160000.1.1.noarch"
        },
        "product_reference": "tomcat-javadoc-9.0.117-160000.1.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat-jsp-2_3-api-9.0.117-160000.1.1.noarch as component of SUSE Linux Enterprise Server for SAP applications 16.0",
          "product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-jsp-2_3-api-9.0.117-160000.1.1.noarch"
        },
        "product_reference": "tomcat-jsp-2_3-api-9.0.117-160000.1.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat-jsvc-9.0.117-160000.1.1.noarch as component of SUSE Linux Enterprise Server for SAP applications 16.0",
          "product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-jsvc-9.0.117-160000.1.1.noarch"
        },
        "product_reference": "tomcat-jsvc-9.0.117-160000.1.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat-lib-9.0.117-160000.1.1.noarch as component of SUSE Linux Enterprise Server for SAP applications 16.0",
          "product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-lib-9.0.117-160000.1.1.noarch"
        },
        "product_reference": "tomcat-lib-9.0.117-160000.1.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat-servlet-4_0-api-9.0.117-160000.1.1.noarch as component of SUSE Linux Enterprise Server for SAP applications 16.0",
          "product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-servlet-4_0-api-9.0.117-160000.1.1.noarch"
        },
        "product_reference": "tomcat-servlet-4_0-api-9.0.117-160000.1.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat-webapps-9.0.117-160000.1.1.noarch as component of SUSE Linux Enterprise Server for SAP applications 16.0",
          "product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-webapps-9.0.117-160000.1.1.noarch"
        },
        "product_reference": "tomcat-webapps-9.0.117-160000.1.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2025-66614",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-66614"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Improper Input Validation vulnerability.\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.14, from 10.1.0-M1 through 10.1.49, from 9.0.0-M1 through 9.0.112.\n\nThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.0 through 8.5.100. Older EOL versions are not affected.\nTomcat did not validate that the host name provided via the SNI \nextension was the same as the host name provided in the HTTP host header \nfield. If Tomcat was configured with more than one virtual host and the \nTLS configuration for one of those hosts did not require client \ncertificate authentication but another one did, it was possible for a \nclient to bypass the client certificate authentication by sending \ndifferent host names in the SNI extension and the HTTP host header field.\n\n\n\nThe vulnerability only applies if client certificate authentication is \nonly enforced at the Connector. It does not apply if client certificate \nauthentication is enforced at the web application.\n\n\nUsers are recommended to upgrade to version 11.0.15 or later, 10.1.50 or later or 9.0.113 or later, which fix the issue.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 16.0:tomcat-9.0.117-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat-admin-webapps-9.0.117-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat-docs-webapp-9.0.117-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat-el-3_0-api-9.0.117-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat-embed-9.0.117-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat-javadoc-9.0.117-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat-jsp-2_3-api-9.0.117-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat-jsvc-9.0.117-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat-lib-9.0.117-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat-servlet-4_0-api-9.0.117-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat-webapps-9.0.117-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-9.0.117-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-admin-webapps-9.0.117-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-docs-webapp-9.0.117-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-el-3_0-api-9.0.117-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-embed-9.0.117-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-javadoc-9.0.117-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-jsp-2_3-api-9.0.117-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-jsvc-9.0.117-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-lib-9.0.117-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-servlet-4_0-api-9.0.117-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-webapps-9.0.117-160000.1.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-66614",
          "url": "https://www.suse.com/security/cve/CVE-2025-66614"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1258371 for CVE-2025-66614",
          "url": "https://bugzilla.suse.com/1258371"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 16.0:tomcat-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat-admin-webapps-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat-docs-webapp-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat-el-3_0-api-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat-embed-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat-javadoc-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat-jsp-2_3-api-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat-jsvc-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat-lib-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat-servlet-4_0-api-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat-webapps-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-admin-webapps-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-docs-webapp-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-el-3_0-api-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-embed-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-javadoc-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-jsp-2_3-api-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-jsvc-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-lib-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-servlet-4_0-api-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-webapps-9.0.117-160000.1.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Server 16.0:tomcat-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat-admin-webapps-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat-docs-webapp-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat-el-3_0-api-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat-embed-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat-javadoc-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat-jsp-2_3-api-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat-jsvc-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat-lib-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat-servlet-4_0-api-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat-webapps-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-admin-webapps-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-docs-webapp-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-el-3_0-api-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-embed-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-javadoc-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-jsp-2_3-api-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-jsvc-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-lib-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-servlet-4_0-api-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-webapps-9.0.117-160000.1.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-04-22T11:07:06Z",
          "details": "important"
        }
      ],
      "title": "CVE-2025-66614"
    },
    {
      "cve": "CVE-2026-24880",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-24880"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027) vulnerability in Apache Tomcat via invalid chunk extension.\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.18, from 10.1.0-M1 through 10.1.52, from 9.0.0.M1 through 9.0.115, from 8.5.0 through 8.5.100, from 7.0.0 through 7.0.109.\nOther, unsupported versions may also be affected.\n\nUsers are recommended to upgrade to version 11.0.20, 10.1.52 or 9.0.116, which fix the issue.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 16.0:tomcat-9.0.117-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat-admin-webapps-9.0.117-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat-docs-webapp-9.0.117-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat-el-3_0-api-9.0.117-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat-embed-9.0.117-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat-javadoc-9.0.117-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat-jsp-2_3-api-9.0.117-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat-jsvc-9.0.117-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat-lib-9.0.117-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat-servlet-4_0-api-9.0.117-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat-webapps-9.0.117-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-9.0.117-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-admin-webapps-9.0.117-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-docs-webapp-9.0.117-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-el-3_0-api-9.0.117-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-embed-9.0.117-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-javadoc-9.0.117-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-jsp-2_3-api-9.0.117-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-jsvc-9.0.117-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-lib-9.0.117-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-servlet-4_0-api-9.0.117-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-webapps-9.0.117-160000.1.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-24880",
          "url": "https://www.suse.com/security/cve/CVE-2026-24880"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1261850 for CVE-2026-24880",
          "url": "https://bugzilla.suse.com/1261850"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 16.0:tomcat-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat-admin-webapps-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat-docs-webapp-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat-el-3_0-api-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat-embed-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat-javadoc-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat-jsp-2_3-api-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat-jsvc-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat-lib-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat-servlet-4_0-api-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat-webapps-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-admin-webapps-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-docs-webapp-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-el-3_0-api-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-embed-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-javadoc-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-jsp-2_3-api-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-jsvc-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-lib-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-servlet-4_0-api-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-webapps-9.0.117-160000.1.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.8,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Server 16.0:tomcat-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat-admin-webapps-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat-docs-webapp-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat-el-3_0-api-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat-embed-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat-javadoc-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat-jsp-2_3-api-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat-jsvc-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat-lib-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat-servlet-4_0-api-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat-webapps-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-admin-webapps-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-docs-webapp-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-el-3_0-api-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-embed-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-javadoc-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-jsp-2_3-api-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-jsvc-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-lib-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-servlet-4_0-api-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-webapps-9.0.117-160000.1.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-04-22T11:07:06Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2026-24880"
    },
    {
      "cve": "CVE-2026-25854",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-25854"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Occasional URL redirection to untrusted Site (\u0027Open Redirect\u0027) vulnerability in Apache Tomcat via the LoadBalancerDrainingValve.\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.18, from 10.1.0-M1 through 10.1.52, from 9.0.0.M23 through 9.0.115, from 8.5.30 through 8.5.100.\nOther, unsupported versions may also be affected\n\nUsers are recommended to upgrade to version 11.0.20, 10.1.53 or 9.0.116, which fix the issue.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 16.0:tomcat-9.0.117-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat-admin-webapps-9.0.117-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat-docs-webapp-9.0.117-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat-el-3_0-api-9.0.117-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat-embed-9.0.117-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat-javadoc-9.0.117-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat-jsp-2_3-api-9.0.117-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat-jsvc-9.0.117-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat-lib-9.0.117-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat-servlet-4_0-api-9.0.117-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat-webapps-9.0.117-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-9.0.117-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-admin-webapps-9.0.117-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-docs-webapp-9.0.117-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-el-3_0-api-9.0.117-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-embed-9.0.117-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-javadoc-9.0.117-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-jsp-2_3-api-9.0.117-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-jsvc-9.0.117-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-lib-9.0.117-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-servlet-4_0-api-9.0.117-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-webapps-9.0.117-160000.1.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-25854",
          "url": "https://www.suse.com/security/cve/CVE-2026-25854"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1261851 for CVE-2026-25854",
          "url": "https://bugzilla.suse.com/1261851"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 16.0:tomcat-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat-admin-webapps-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat-docs-webapp-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat-el-3_0-api-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat-embed-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat-javadoc-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat-jsp-2_3-api-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat-jsvc-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat-lib-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat-servlet-4_0-api-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat-webapps-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-admin-webapps-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-docs-webapp-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-el-3_0-api-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-embed-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-javadoc-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-jsp-2_3-api-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-jsvc-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-lib-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-servlet-4_0-api-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-webapps-9.0.117-160000.1.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.8,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Server 16.0:tomcat-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat-admin-webapps-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat-docs-webapp-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat-el-3_0-api-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat-embed-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat-javadoc-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat-jsp-2_3-api-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat-jsvc-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat-lib-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat-servlet-4_0-api-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat-webapps-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-admin-webapps-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-docs-webapp-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-el-3_0-api-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-embed-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-javadoc-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-jsp-2_3-api-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-jsvc-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-lib-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-servlet-4_0-api-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-webapps-9.0.117-160000.1.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-04-22T11:07:06Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2026-25854"
    },
    {
      "cve": "CVE-2026-29129",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-29129"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Configured cipher preference order not preserved vulnerability in Apache Tomcat.\n\nThis issue affects Apache Tomcat: from 11.0.16 through 11.0.18, from 10.1.51 through 10.1.52, from 9.0.114 through 9.0.115.\n\nUsers are recommended to upgrade to version 11.0.20, 10.1.53 or 9.0.116, which fix the issue.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 16.0:tomcat-9.0.117-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat-admin-webapps-9.0.117-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat-docs-webapp-9.0.117-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat-el-3_0-api-9.0.117-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat-embed-9.0.117-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat-javadoc-9.0.117-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat-jsp-2_3-api-9.0.117-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat-jsvc-9.0.117-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat-lib-9.0.117-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat-servlet-4_0-api-9.0.117-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat-webapps-9.0.117-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-9.0.117-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-admin-webapps-9.0.117-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-docs-webapp-9.0.117-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-el-3_0-api-9.0.117-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-embed-9.0.117-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-javadoc-9.0.117-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-jsp-2_3-api-9.0.117-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-jsvc-9.0.117-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-lib-9.0.117-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-servlet-4_0-api-9.0.117-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-webapps-9.0.117-160000.1.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-29129",
          "url": "https://www.suse.com/security/cve/CVE-2026-29129"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1261852 for CVE-2026-29129",
          "url": "https://bugzilla.suse.com/1261852"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 16.0:tomcat-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat-admin-webapps-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat-docs-webapp-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat-el-3_0-api-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat-embed-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat-javadoc-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat-jsp-2_3-api-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat-jsvc-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat-lib-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat-servlet-4_0-api-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat-webapps-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-admin-webapps-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-docs-webapp-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-el-3_0-api-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-embed-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-javadoc-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-jsp-2_3-api-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-jsvc-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-lib-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-servlet-4_0-api-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-webapps-9.0.117-160000.1.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.8,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Server 16.0:tomcat-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat-admin-webapps-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat-docs-webapp-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat-el-3_0-api-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat-embed-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat-javadoc-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat-jsp-2_3-api-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat-jsvc-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat-lib-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat-servlet-4_0-api-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat-webapps-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-admin-webapps-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-docs-webapp-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-el-3_0-api-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-embed-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-javadoc-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-jsp-2_3-api-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-jsvc-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-lib-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-servlet-4_0-api-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-webapps-9.0.117-160000.1.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-04-22T11:07:06Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2026-29129"
    },
    {
      "cve": "CVE-2026-29145",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-29145"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "CLIENT_CERT authentication does not fail as expected for some scenarios when soft fail is disabled vulnerability in Apache Tomcat, Apache Tomcat Native.\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.18, from 10.1.0-M7 through 10.1.52, from 9.0.83 through 9.0.115; Apache Tomcat Native: from 1.1.23 through 1.1.34, from 1.2.0 through 1.2.39, from 1.3.0 through 1.3.6, from 2.0.0 through 2.0.13.\n\nUsers are recommended to upgrade to version Tomcat Native 1.3.7 or 2.0.14 and Tomcat 11.0.20, 10.1.53 and 9.0.116, which fix the issue.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 16.0:tomcat-9.0.117-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat-admin-webapps-9.0.117-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat-docs-webapp-9.0.117-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat-el-3_0-api-9.0.117-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat-embed-9.0.117-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat-javadoc-9.0.117-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat-jsp-2_3-api-9.0.117-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat-jsvc-9.0.117-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat-lib-9.0.117-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat-servlet-4_0-api-9.0.117-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat-webapps-9.0.117-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-9.0.117-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-admin-webapps-9.0.117-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-docs-webapp-9.0.117-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-el-3_0-api-9.0.117-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-embed-9.0.117-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-javadoc-9.0.117-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-jsp-2_3-api-9.0.117-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-jsvc-9.0.117-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-lib-9.0.117-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-servlet-4_0-api-9.0.117-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-webapps-9.0.117-160000.1.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-29145",
          "url": "https://www.suse.com/security/cve/CVE-2026-29145"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1261853 for CVE-2026-29145",
          "url": "https://bugzilla.suse.com/1261853"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 16.0:tomcat-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat-admin-webapps-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat-docs-webapp-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat-el-3_0-api-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat-embed-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat-javadoc-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat-jsp-2_3-api-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat-jsvc-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat-lib-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat-servlet-4_0-api-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat-webapps-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-admin-webapps-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-docs-webapp-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-el-3_0-api-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-embed-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-javadoc-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-jsp-2_3-api-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-jsvc-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-lib-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-servlet-4_0-api-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-webapps-9.0.117-160000.1.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.8,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Server 16.0:tomcat-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat-admin-webapps-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat-docs-webapp-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat-el-3_0-api-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat-embed-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat-javadoc-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat-jsp-2_3-api-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat-jsvc-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat-lib-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat-servlet-4_0-api-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat-webapps-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-admin-webapps-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-docs-webapp-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-el-3_0-api-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-embed-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-javadoc-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-jsp-2_3-api-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-jsvc-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-lib-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-servlet-4_0-api-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-webapps-9.0.117-160000.1.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-04-22T11:07:06Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2026-29145"
    },
    {
      "cve": "CVE-2026-29146",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-29146"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Padding Oracle vulnerability in Apache Tomcat\u0027s EncryptInterceptor with default configuration.\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.18, from 10.0.0-M1 through 10.1.52, from 9.0.13 through 9..115, from 8.5.38 through 8.5.100, from 7.0.100 through 7.0.109.\n\nUsers are recommended to upgrade to version 11.0.19, 10.1.53 and 9.0.116, which fixes the issue.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 16.0:tomcat-9.0.117-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat-admin-webapps-9.0.117-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat-docs-webapp-9.0.117-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat-el-3_0-api-9.0.117-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat-embed-9.0.117-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat-javadoc-9.0.117-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat-jsp-2_3-api-9.0.117-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat-jsvc-9.0.117-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat-lib-9.0.117-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat-servlet-4_0-api-9.0.117-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat-webapps-9.0.117-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-9.0.117-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-admin-webapps-9.0.117-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-docs-webapp-9.0.117-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-el-3_0-api-9.0.117-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-embed-9.0.117-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-javadoc-9.0.117-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-jsp-2_3-api-9.0.117-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-jsvc-9.0.117-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-lib-9.0.117-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-servlet-4_0-api-9.0.117-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-webapps-9.0.117-160000.1.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-29146",
          "url": "https://www.suse.com/security/cve/CVE-2026-29146"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1261854 for CVE-2026-29146",
          "url": "https://bugzilla.suse.com/1261854"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 16.0:tomcat-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat-admin-webapps-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat-docs-webapp-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat-el-3_0-api-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat-embed-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat-javadoc-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat-jsp-2_3-api-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat-jsvc-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat-lib-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat-servlet-4_0-api-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat-webapps-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-admin-webapps-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-docs-webapp-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-el-3_0-api-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-embed-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-javadoc-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-jsp-2_3-api-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-jsvc-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-lib-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-servlet-4_0-api-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-webapps-9.0.117-160000.1.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Server 16.0:tomcat-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat-admin-webapps-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat-docs-webapp-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat-el-3_0-api-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat-embed-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat-javadoc-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat-jsp-2_3-api-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat-jsvc-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat-lib-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat-servlet-4_0-api-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat-webapps-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-admin-webapps-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-docs-webapp-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-el-3_0-api-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-embed-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-javadoc-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-jsp-2_3-api-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-jsvc-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-lib-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-servlet-4_0-api-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-webapps-9.0.117-160000.1.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-04-22T11:07:06Z",
          "details": "important"
        }
      ],
      "title": "CVE-2026-29146"
    },
    {
      "cve": "CVE-2026-32990",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-32990"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Improper Input Validation vulnerability in Apache Tomcat due to an incomplete fix of CVE-2025-66614.\n\nThis issue affects Apache Tomcat: from 11.0.15 through 11.0.19, from 10.1.50 through 10.1.52, from 9.0.113 through 9.0.115.\n\nUsers are recommended to upgrade to version 11.0.20, 10.1.53 or 9.0.116, which fix the issue.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 16.0:tomcat-9.0.117-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat-admin-webapps-9.0.117-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat-docs-webapp-9.0.117-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat-el-3_0-api-9.0.117-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat-embed-9.0.117-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat-javadoc-9.0.117-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat-jsp-2_3-api-9.0.117-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat-jsvc-9.0.117-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat-lib-9.0.117-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat-servlet-4_0-api-9.0.117-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat-webapps-9.0.117-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-9.0.117-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-admin-webapps-9.0.117-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-docs-webapp-9.0.117-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-el-3_0-api-9.0.117-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-embed-9.0.117-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-javadoc-9.0.117-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-jsp-2_3-api-9.0.117-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-jsvc-9.0.117-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-lib-9.0.117-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-servlet-4_0-api-9.0.117-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-webapps-9.0.117-160000.1.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-32990",
          "url": "https://www.suse.com/security/cve/CVE-2026-32990"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1258371 for CVE-2026-32990",
          "url": "https://bugzilla.suse.com/1258371"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 16.0:tomcat-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat-admin-webapps-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat-docs-webapp-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat-el-3_0-api-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat-embed-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat-javadoc-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat-jsp-2_3-api-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat-jsvc-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat-lib-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat-servlet-4_0-api-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat-webapps-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-admin-webapps-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-docs-webapp-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-el-3_0-api-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-embed-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-javadoc-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-jsp-2_3-api-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-jsvc-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-lib-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-servlet-4_0-api-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-webapps-9.0.117-160000.1.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-04-22T11:07:06Z",
          "details": "important"
        }
      ],
      "title": "CVE-2026-32990"
    },
    {
      "cve": "CVE-2026-34483",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-34483"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Improper Encoding or Escaping of Output vulnerability in the JsonAccessLogValve component of Apache Tomcat.\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.20, from 10.1.0-M1 through 10.1.53, from 9.0.40 through 9.0.116.\n\nUsers are recommended to upgrade to version 11.0.21, 10.1.54 or 9.0.117 , which fix the issue.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 16.0:tomcat-9.0.117-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat-admin-webapps-9.0.117-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat-docs-webapp-9.0.117-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat-el-3_0-api-9.0.117-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat-embed-9.0.117-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat-javadoc-9.0.117-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat-jsp-2_3-api-9.0.117-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat-jsvc-9.0.117-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat-lib-9.0.117-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat-servlet-4_0-api-9.0.117-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat-webapps-9.0.117-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-9.0.117-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-admin-webapps-9.0.117-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-docs-webapp-9.0.117-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-el-3_0-api-9.0.117-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-embed-9.0.117-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-javadoc-9.0.117-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-jsp-2_3-api-9.0.117-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-jsvc-9.0.117-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-lib-9.0.117-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-servlet-4_0-api-9.0.117-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-webapps-9.0.117-160000.1.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-34483",
          "url": "https://www.suse.com/security/cve/CVE-2026-34483"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1261855 for CVE-2026-34483",
          "url": "https://bugzilla.suse.com/1261855"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 16.0:tomcat-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat-admin-webapps-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat-docs-webapp-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat-el-3_0-api-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat-embed-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat-javadoc-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat-jsp-2_3-api-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat-jsvc-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat-lib-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat-servlet-4_0-api-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat-webapps-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-admin-webapps-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-docs-webapp-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-el-3_0-api-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-embed-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-javadoc-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-jsp-2_3-api-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-jsvc-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-lib-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-servlet-4_0-api-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-webapps-9.0.117-160000.1.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.8,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Server 16.0:tomcat-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat-admin-webapps-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat-docs-webapp-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat-el-3_0-api-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat-embed-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat-javadoc-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat-jsp-2_3-api-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat-jsvc-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat-lib-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat-servlet-4_0-api-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat-webapps-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-admin-webapps-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-docs-webapp-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-el-3_0-api-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-embed-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-javadoc-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-jsp-2_3-api-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-jsvc-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-lib-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-servlet-4_0-api-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-webapps-9.0.117-160000.1.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-04-22T11:07:06Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2026-34483"
    },
    {
      "cve": "CVE-2026-34486",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-34486"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Missing Encryption of Sensitive Data vulnerability in Apache Tomcat due to the  fix for CVE-2026-29146 allowing the bypass of the EncryptInterceptor.\n\nThis issue affects Apache Tomcat: 11.0.20, 10.1.53, 9.0.116.\n\nUsers are recommended to upgrade to version 11.0.21, 10.1.54 or 9.0.117, which fix the issue.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 16.0:tomcat-9.0.117-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat-admin-webapps-9.0.117-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat-docs-webapp-9.0.117-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat-el-3_0-api-9.0.117-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat-embed-9.0.117-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat-javadoc-9.0.117-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat-jsp-2_3-api-9.0.117-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat-jsvc-9.0.117-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat-lib-9.0.117-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat-servlet-4_0-api-9.0.117-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat-webapps-9.0.117-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-9.0.117-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-admin-webapps-9.0.117-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-docs-webapp-9.0.117-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-el-3_0-api-9.0.117-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-embed-9.0.117-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-javadoc-9.0.117-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-jsp-2_3-api-9.0.117-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-jsvc-9.0.117-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-lib-9.0.117-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-servlet-4_0-api-9.0.117-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-webapps-9.0.117-160000.1.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-34486",
          "url": "https://www.suse.com/security/cve/CVE-2026-34486"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1261854 for CVE-2026-34486",
          "url": "https://bugzilla.suse.com/1261854"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 16.0:tomcat-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat-admin-webapps-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat-docs-webapp-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat-el-3_0-api-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat-embed-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat-javadoc-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat-jsp-2_3-api-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat-jsvc-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat-lib-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat-servlet-4_0-api-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat-webapps-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-admin-webapps-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-docs-webapp-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-el-3_0-api-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-embed-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-javadoc-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-jsp-2_3-api-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-jsvc-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-lib-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-servlet-4_0-api-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-webapps-9.0.117-160000.1.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Server 16.0:tomcat-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat-admin-webapps-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat-docs-webapp-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat-el-3_0-api-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat-embed-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat-javadoc-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat-jsp-2_3-api-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat-jsvc-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat-lib-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat-servlet-4_0-api-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat-webapps-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-admin-webapps-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-docs-webapp-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-el-3_0-api-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-embed-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-javadoc-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-jsp-2_3-api-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-jsvc-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-lib-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-servlet-4_0-api-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-webapps-9.0.117-160000.1.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-04-22T11:07:06Z",
          "details": "important"
        }
      ],
      "title": "CVE-2026-34486"
    },
    {
      "cve": "CVE-2026-34487",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-34487"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Insertion of Sensitive Information into Log File vulnerability in the cloud membership for clustering component of Apache Tomcat exposed the Kubernetes bearer token.\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.20, from 10.1.0-M1 through 10.1.53, from 9.0.13 through 9.0.116.\n\nUsers are recommended to upgrade to version 11.0.21, 10.1.54 or 9.0.117, which fix the issue.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 16.0:tomcat-9.0.117-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat-admin-webapps-9.0.117-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat-docs-webapp-9.0.117-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat-el-3_0-api-9.0.117-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat-embed-9.0.117-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat-javadoc-9.0.117-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat-jsp-2_3-api-9.0.117-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat-jsvc-9.0.117-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat-lib-9.0.117-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat-servlet-4_0-api-9.0.117-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat-webapps-9.0.117-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-9.0.117-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-admin-webapps-9.0.117-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-docs-webapp-9.0.117-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-el-3_0-api-9.0.117-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-embed-9.0.117-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-javadoc-9.0.117-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-jsp-2_3-api-9.0.117-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-jsvc-9.0.117-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-lib-9.0.117-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-servlet-4_0-api-9.0.117-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-webapps-9.0.117-160000.1.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-34487",
          "url": "https://www.suse.com/security/cve/CVE-2026-34487"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1261856 for CVE-2026-34487",
          "url": "https://bugzilla.suse.com/1261856"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 16.0:tomcat-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat-admin-webapps-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat-docs-webapp-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat-el-3_0-api-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat-embed-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat-javadoc-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat-jsp-2_3-api-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat-jsvc-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat-lib-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat-servlet-4_0-api-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat-webapps-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-admin-webapps-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-docs-webapp-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-el-3_0-api-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-embed-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-javadoc-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-jsp-2_3-api-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-jsvc-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-lib-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-servlet-4_0-api-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-webapps-9.0.117-160000.1.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Server 16.0:tomcat-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat-admin-webapps-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat-docs-webapp-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat-el-3_0-api-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat-embed-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat-javadoc-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat-jsp-2_3-api-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat-jsvc-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat-lib-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat-servlet-4_0-api-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat-webapps-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-admin-webapps-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-docs-webapp-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-el-3_0-api-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-embed-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-javadoc-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-jsp-2_3-api-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-jsvc-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-lib-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-servlet-4_0-api-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-webapps-9.0.117-160000.1.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-04-22T11:07:06Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2026-34487"
    },
    {
      "cve": "CVE-2026-34500",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-34500"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "CLIENT_CERT authentication does not fail as expected for some scenarios when soft fail is disabled and FFM is used in Apache Tomcat.\n\nThis issue affects Apache Tomcat: from 11.0.0-M14 through 11.0.20, from 10.1.22 through 10.1.53, from 9.0.92 through 9.0.116.\n\nUsers are recommended to upgrade to version 11.0.21, 10.1.54 or 9.0.117, which fixes the issue.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 16.0:tomcat-9.0.117-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat-admin-webapps-9.0.117-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat-docs-webapp-9.0.117-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat-el-3_0-api-9.0.117-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat-embed-9.0.117-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat-javadoc-9.0.117-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat-jsp-2_3-api-9.0.117-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat-jsvc-9.0.117-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat-lib-9.0.117-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat-servlet-4_0-api-9.0.117-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat-webapps-9.0.117-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-9.0.117-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-admin-webapps-9.0.117-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-docs-webapp-9.0.117-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-el-3_0-api-9.0.117-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-embed-9.0.117-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-javadoc-9.0.117-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-jsp-2_3-api-9.0.117-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-jsvc-9.0.117-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-lib-9.0.117-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-servlet-4_0-api-9.0.117-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-webapps-9.0.117-160000.1.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-34500",
          "url": "https://www.suse.com/security/cve/CVE-2026-34500"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1261857 for CVE-2026-34500",
          "url": "https://bugzilla.suse.com/1261857"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 16.0:tomcat-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat-admin-webapps-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat-docs-webapp-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat-el-3_0-api-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat-embed-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat-javadoc-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat-jsp-2_3-api-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat-jsvc-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat-lib-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat-servlet-4_0-api-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat-webapps-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-admin-webapps-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-docs-webapp-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-el-3_0-api-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-embed-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-javadoc-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-jsp-2_3-api-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-jsvc-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-lib-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-servlet-4_0-api-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-webapps-9.0.117-160000.1.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.8,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Server 16.0:tomcat-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat-admin-webapps-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat-docs-webapp-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat-el-3_0-api-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat-embed-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat-javadoc-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat-jsp-2_3-api-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat-jsvc-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat-lib-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat-servlet-4_0-api-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat-webapps-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-admin-webapps-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-docs-webapp-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-el-3_0-api-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-embed-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-javadoc-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-jsp-2_3-api-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-jsvc-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-lib-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-servlet-4_0-api-9.0.117-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat-webapps-9.0.117-160000.1.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-04-22T11:07:06Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2026-34500"
    }
  ]
}

SUSE-SU-2026:21379-1

Vulnerability from csaf_suse - Published: 2026-04-22 11:09 - Updated: 2026-04-22 11:09

Summary

Security update for tomcat10

Severity

Important

Notes

Title of the patch: Security update for tomcat10

Patchnames: SUSE-SLES-16.0-624

CVE-2025-66614

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Affected products

Recommended 22 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat10-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat10-admin-webapps-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat10-doc-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat10-docs-webapp-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat10-el-5_0-api-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat10-embed-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat10-jsp-3_1-api-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat10-jsvc-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat10-lib-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat10-servlet-6_0-api-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat10-webapps-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-admin-webapps-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-doc-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-docs-webapp-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-el-5_0-api-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-embed-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-jsp-3_1-api-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-jsvc-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-lib-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-servlet-6_0-api-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-webapps-10.1.54-160000.1.1.noarch	—	Vendor Fix

Threats

Impact important

CVE-2026-24880

4.8 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

Affected products

Recommended 22 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat10-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat10-admin-webapps-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat10-doc-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat10-docs-webapp-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat10-el-5_0-api-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat10-embed-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat10-jsp-3_1-api-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat10-jsvc-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat10-lib-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat10-servlet-6_0-api-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat10-webapps-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-admin-webapps-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-doc-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-docs-webapp-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-el-5_0-api-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-embed-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-jsp-3_1-api-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-jsvc-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-lib-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-servlet-6_0-api-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-webapps-10.1.54-160000.1.1.noarch	—	Vendor Fix

Threats

Impact moderate

CVE-2026-25854

4.8 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

Affected products

Recommended 22 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat10-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat10-admin-webapps-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat10-doc-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat10-docs-webapp-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat10-el-5_0-api-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat10-embed-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat10-jsp-3_1-api-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat10-jsvc-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat10-lib-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat10-servlet-6_0-api-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat10-webapps-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-admin-webapps-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-doc-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-docs-webapp-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-el-5_0-api-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-embed-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-jsp-3_1-api-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-jsvc-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-lib-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-servlet-6_0-api-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-webapps-10.1.54-160000.1.1.noarch	—	Vendor Fix

Threats

Impact moderate

CVE-2026-29129

4.8 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

Affected products

Recommended 22 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat10-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat10-admin-webapps-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat10-doc-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat10-docs-webapp-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat10-el-5_0-api-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat10-embed-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat10-jsp-3_1-api-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat10-jsvc-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat10-lib-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat10-servlet-6_0-api-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat10-webapps-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-admin-webapps-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-doc-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-docs-webapp-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-el-5_0-api-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-embed-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-jsp-3_1-api-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-jsvc-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-lib-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-servlet-6_0-api-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-webapps-10.1.54-160000.1.1.noarch	—	Vendor Fix

Threats

Impact moderate

CVE-2026-29145

4.8 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

Affected products

Recommended 22 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat10-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat10-admin-webapps-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat10-doc-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat10-docs-webapp-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat10-el-5_0-api-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat10-embed-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat10-jsp-3_1-api-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat10-jsvc-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat10-lib-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat10-servlet-6_0-api-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat10-webapps-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-admin-webapps-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-doc-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-docs-webapp-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-el-5_0-api-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-embed-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-jsp-3_1-api-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-jsvc-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-lib-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-servlet-6_0-api-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-webapps-10.1.54-160000.1.1.noarch	—	Vendor Fix

Threats

Impact moderate

CVE-2026-29146

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Affected products

Recommended 22 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat10-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat10-admin-webapps-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat10-doc-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat10-docs-webapp-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat10-el-5_0-api-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat10-embed-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat10-jsp-3_1-api-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat10-jsvc-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat10-lib-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat10-servlet-6_0-api-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat10-webapps-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-admin-webapps-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-doc-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-docs-webapp-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-el-5_0-api-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-embed-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-jsp-3_1-api-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-jsvc-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-lib-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-servlet-6_0-api-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-webapps-10.1.54-160000.1.1.noarch	—	Vendor Fix

Threats

Impact important

CVE-2026-32990

Affected products

Recommended 22 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat10-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat10-admin-webapps-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat10-doc-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat10-docs-webapp-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat10-el-5_0-api-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat10-embed-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat10-jsp-3_1-api-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat10-jsvc-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat10-lib-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat10-servlet-6_0-api-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat10-webapps-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-admin-webapps-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-doc-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-docs-webapp-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-el-5_0-api-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-embed-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-jsp-3_1-api-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-jsvc-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-lib-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-servlet-6_0-api-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-webapps-10.1.54-160000.1.1.noarch	—	Vendor Fix

Threats

Impact important

CVE-2026-34483

4.8 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

Affected products

Recommended 22 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat10-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat10-admin-webapps-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat10-doc-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat10-docs-webapp-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat10-el-5_0-api-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat10-embed-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat10-jsp-3_1-api-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat10-jsvc-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat10-lib-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat10-servlet-6_0-api-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat10-webapps-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-admin-webapps-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-doc-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-docs-webapp-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-el-5_0-api-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-embed-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-jsp-3_1-api-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-jsvc-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-lib-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-servlet-6_0-api-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-webapps-10.1.54-160000.1.1.noarch	—	Vendor Fix

Threats

Impact moderate

CVE-2026-34486

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Affected products

Recommended 22 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat10-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat10-admin-webapps-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat10-doc-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat10-docs-webapp-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat10-el-5_0-api-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat10-embed-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat10-jsp-3_1-api-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat10-jsvc-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat10-lib-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat10-servlet-6_0-api-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat10-webapps-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-admin-webapps-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-doc-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-docs-webapp-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-el-5_0-api-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-embed-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-jsp-3_1-api-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-jsvc-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-lib-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-servlet-6_0-api-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-webapps-10.1.54-160000.1.1.noarch	—	Vendor Fix

Threats

Impact important

CVE-2026-34487

5.9 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Affected products

Recommended 22 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat10-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat10-admin-webapps-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat10-doc-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat10-docs-webapp-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat10-el-5_0-api-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat10-embed-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat10-jsp-3_1-api-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat10-jsvc-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat10-lib-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat10-servlet-6_0-api-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat10-webapps-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-admin-webapps-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-doc-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-docs-webapp-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-el-5_0-api-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-embed-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-jsp-3_1-api-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-jsvc-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-lib-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-servlet-6_0-api-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-webapps-10.1.54-160000.1.1.noarch	—	Vendor Fix

Threats

Impact moderate

CVE-2026-34500

4.8 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

Affected products

Recommended 22 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat10-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat10-admin-webapps-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat10-doc-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat10-docs-webapp-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat10-el-5_0-api-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat10-embed-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat10-jsp-3_1-api-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat10-jsvc-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat10-lib-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat10-servlet-6_0-api-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:tomcat10-webapps-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-admin-webapps-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-doc-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-docs-webapp-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-el-5_0-api-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-embed-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-jsp-3_1-api-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-jsvc-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-lib-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-servlet-6_0-api-10.1.54-160000.1.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-webapps-10.1.54-160000.1.1.noarch	—	Vendor Fix

Threats

Impact moderate

References

46 references

URL	Category
https://www.suse.com/support/security/rating/	external
https://ftp.suse.com/pub/projects/security/csaf/s…	self
https://www.suse.com/support/update/announcement/…	self
https://lists.suse.com/pipermail/sle-updates/2026…	self
https://bugzilla.suse.com/1258371	self
https://bugzilla.suse.com/1261850	self
https://bugzilla.suse.com/1261851	self
https://bugzilla.suse.com/1261852	self
https://bugzilla.suse.com/1261853	self
https://bugzilla.suse.com/1261854	self
https://bugzilla.suse.com/1261855	self
https://bugzilla.suse.com/1261856	self
https://bugzilla.suse.com/1261857	self
https://www.suse.com/security/cve/CVE-2025-66614/	self
https://www.suse.com/security/cve/CVE-2026-24880/	self
https://www.suse.com/security/cve/CVE-2026-25854/	self
https://www.suse.com/security/cve/CVE-2026-29129/	self
https://www.suse.com/security/cve/CVE-2026-29145/	self
https://www.suse.com/security/cve/CVE-2026-29146/	self
https://www.suse.com/security/cve/CVE-2026-32990/	self
https://www.suse.com/security/cve/CVE-2026-34483/	self
https://www.suse.com/security/cve/CVE-2026-34486/	self
https://www.suse.com/security/cve/CVE-2026-34487/	self
https://www.suse.com/security/cve/CVE-2026-34500/	self
https://www.suse.com/security/cve/CVE-2025-66614	external
https://bugzilla.suse.com/1258371	external
https://www.suse.com/security/cve/CVE-2026-24880	external
https://bugzilla.suse.com/1261850	external
https://www.suse.com/security/cve/CVE-2026-25854	external
https://bugzilla.suse.com/1261851	external
https://www.suse.com/security/cve/CVE-2026-29129	external
https://bugzilla.suse.com/1261852	external
https://www.suse.com/security/cve/CVE-2026-29145	external
https://bugzilla.suse.com/1261853	external
https://www.suse.com/security/cve/CVE-2026-29146	external
https://bugzilla.suse.com/1261854	external
https://www.suse.com/security/cve/CVE-2026-32990	external
https://bugzilla.suse.com/1258371	external
https://www.suse.com/security/cve/CVE-2026-34483	external
https://bugzilla.suse.com/1261855	external
https://www.suse.com/security/cve/CVE-2026-34486	external
https://bugzilla.suse.com/1261854	external
https://www.suse.com/security/cve/CVE-2026-34487	external
https://bugzilla.suse.com/1261856	external
https://www.suse.com/security/cve/CVE-2026-34500	external
https://bugzilla.suse.com/1261857	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for tomcat10",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "This update for tomcat10 fixes the following issues:\n\n- Update to Tomcat 10.1.54\n- CVE-2026-24880: Request smuggling via invalid chunk extension (bsc#1261850).\n- CVE-2026-25854: Occasionally open redirect (bsc#1261851).\n- CVE-2026-29129: TLS cipher order is not preserved (bsc#1261852).\n- CVE-2026-29145: OCSP checks sometimes soft-fail even when soft-fail is disabled (bsc#1261853).\n- CVE-2026-29146,CVE-2026-34486: Fix for allowed bypass of EncryptInterceptor (bsc#1261854).\n- CVE-2026-34483: Incomplete escaping of JSON access logs (bsc#1261855).\n- CVE-2026-34487: Cloud membership for clustering component exposed the Kubernetes bearer token (bsc#1261856).\n- CVE-2026-34500: OCSP checks sometimes soft-fail with FFM even when soft-fail is disabled (bsc#1261857).\n- CVE-2026-32990: The fix for CVE-2025-66614 was incomplete. (bsc#1258371)\n",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "SUSE-SLES-16.0-624",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_21379-1.json"
      },
      {
        "category": "self",
        "summary": "URL for SUSE-SU-2026:21379-1",
        "url": "https://www.suse.com/support/update/announcement/2026/suse-su-202621379-1/"
      },
      {
        "category": "self",
        "summary": "E-Mail link for SUSE-SU-2026:21379-1",
        "url": "https://lists.suse.com/pipermail/sle-updates/2026-April/046062.html"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1258371",
        "url": "https://bugzilla.suse.com/1258371"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1261850",
        "url": "https://bugzilla.suse.com/1261850"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1261851",
        "url": "https://bugzilla.suse.com/1261851"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1261852",
        "url": "https://bugzilla.suse.com/1261852"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1261853",
        "url": "https://bugzilla.suse.com/1261853"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1261854",
        "url": "https://bugzilla.suse.com/1261854"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1261855",
        "url": "https://bugzilla.suse.com/1261855"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1261856",
        "url": "https://bugzilla.suse.com/1261856"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1261857",
        "url": "https://bugzilla.suse.com/1261857"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-66614 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-66614/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-24880 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-24880/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-25854 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-25854/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-29129 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-29129/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-29145 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-29145/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-29146 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-29146/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-32990 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-32990/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-34483 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-34483/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-34486 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-34486/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-34487 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-34487/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-34500 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-34500/"
      }
    ],
    "title": "Security update for tomcat10",
    "tracking": {
      "current_release_date": "2026-04-22T11:09:31Z",
      "generator": {
        "date": "2026-04-22T11:09:31Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "SUSE-SU-2026:21379-1",
      "initial_release_date": "2026-04-22T11:09:31Z",
      "revision_history": [
        {
          "date": "2026-04-22T11:09:31Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "tomcat10-10.1.54-160000.1.1.noarch",
                "product": {
                  "name": "tomcat10-10.1.54-160000.1.1.noarch",
                  "product_id": "tomcat10-10.1.54-160000.1.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "tomcat10-admin-webapps-10.1.54-160000.1.1.noarch",
                "product": {
                  "name": "tomcat10-admin-webapps-10.1.54-160000.1.1.noarch",
                  "product_id": "tomcat10-admin-webapps-10.1.54-160000.1.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "tomcat10-doc-10.1.54-160000.1.1.noarch",
                "product": {
                  "name": "tomcat10-doc-10.1.54-160000.1.1.noarch",
                  "product_id": "tomcat10-doc-10.1.54-160000.1.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "tomcat10-docs-webapp-10.1.54-160000.1.1.noarch",
                "product": {
                  "name": "tomcat10-docs-webapp-10.1.54-160000.1.1.noarch",
                  "product_id": "tomcat10-docs-webapp-10.1.54-160000.1.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "tomcat10-el-5_0-api-10.1.54-160000.1.1.noarch",
                "product": {
                  "name": "tomcat10-el-5_0-api-10.1.54-160000.1.1.noarch",
                  "product_id": "tomcat10-el-5_0-api-10.1.54-160000.1.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "tomcat10-embed-10.1.54-160000.1.1.noarch",
                "product": {
                  "name": "tomcat10-embed-10.1.54-160000.1.1.noarch",
                  "product_id": "tomcat10-embed-10.1.54-160000.1.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "tomcat10-jsp-3_1-api-10.1.54-160000.1.1.noarch",
                "product": {
                  "name": "tomcat10-jsp-3_1-api-10.1.54-160000.1.1.noarch",
                  "product_id": "tomcat10-jsp-3_1-api-10.1.54-160000.1.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "tomcat10-jsvc-10.1.54-160000.1.1.noarch",
                "product": {
                  "name": "tomcat10-jsvc-10.1.54-160000.1.1.noarch",
                  "product_id": "tomcat10-jsvc-10.1.54-160000.1.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "tomcat10-lib-10.1.54-160000.1.1.noarch",
                "product": {
                  "name": "tomcat10-lib-10.1.54-160000.1.1.noarch",
                  "product_id": "tomcat10-lib-10.1.54-160000.1.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "tomcat10-servlet-6_0-api-10.1.54-160000.1.1.noarch",
                "product": {
                  "name": "tomcat10-servlet-6_0-api-10.1.54-160000.1.1.noarch",
                  "product_id": "tomcat10-servlet-6_0-api-10.1.54-160000.1.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "tomcat10-webapps-10.1.54-160000.1.1.noarch",
                "product": {
                  "name": "tomcat10-webapps-10.1.54-160000.1.1.noarch",
                  "product_id": "tomcat10-webapps-10.1.54-160000.1.1.noarch"
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server 16.0",
                "product": {
                  "name": "SUSE Linux Enterprise Server 16.0",
                  "product_id": "SUSE Linux Enterprise Server 16.0",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sles:16:16.0:server"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server for SAP applications 16.0",
                "product": {
                  "name": "SUSE Linux Enterprise Server for SAP applications 16.0",
                  "product_id": "SUSE Linux Enterprise Server for SAP applications 16.0",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sles:16:16.0:server-sap"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat10-10.1.54-160000.1.1.noarch as component of SUSE Linux Enterprise Server 16.0",
          "product_id": "SUSE Linux Enterprise Server 16.0:tomcat10-10.1.54-160000.1.1.noarch"
        },
        "product_reference": "tomcat10-10.1.54-160000.1.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat10-admin-webapps-10.1.54-160000.1.1.noarch as component of SUSE Linux Enterprise Server 16.0",
          "product_id": "SUSE Linux Enterprise Server 16.0:tomcat10-admin-webapps-10.1.54-160000.1.1.noarch"
        },
        "product_reference": "tomcat10-admin-webapps-10.1.54-160000.1.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat10-doc-10.1.54-160000.1.1.noarch as component of SUSE Linux Enterprise Server 16.0",
          "product_id": "SUSE Linux Enterprise Server 16.0:tomcat10-doc-10.1.54-160000.1.1.noarch"
        },
        "product_reference": "tomcat10-doc-10.1.54-160000.1.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat10-docs-webapp-10.1.54-160000.1.1.noarch as component of SUSE Linux Enterprise Server 16.0",
          "product_id": "SUSE Linux Enterprise Server 16.0:tomcat10-docs-webapp-10.1.54-160000.1.1.noarch"
        },
        "product_reference": "tomcat10-docs-webapp-10.1.54-160000.1.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat10-el-5_0-api-10.1.54-160000.1.1.noarch as component of SUSE Linux Enterprise Server 16.0",
          "product_id": "SUSE Linux Enterprise Server 16.0:tomcat10-el-5_0-api-10.1.54-160000.1.1.noarch"
        },
        "product_reference": "tomcat10-el-5_0-api-10.1.54-160000.1.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat10-embed-10.1.54-160000.1.1.noarch as component of SUSE Linux Enterprise Server 16.0",
          "product_id": "SUSE Linux Enterprise Server 16.0:tomcat10-embed-10.1.54-160000.1.1.noarch"
        },
        "product_reference": "tomcat10-embed-10.1.54-160000.1.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat10-jsp-3_1-api-10.1.54-160000.1.1.noarch as component of SUSE Linux Enterprise Server 16.0",
          "product_id": "SUSE Linux Enterprise Server 16.0:tomcat10-jsp-3_1-api-10.1.54-160000.1.1.noarch"
        },
        "product_reference": "tomcat10-jsp-3_1-api-10.1.54-160000.1.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat10-jsvc-10.1.54-160000.1.1.noarch as component of SUSE Linux Enterprise Server 16.0",
          "product_id": "SUSE Linux Enterprise Server 16.0:tomcat10-jsvc-10.1.54-160000.1.1.noarch"
        },
        "product_reference": "tomcat10-jsvc-10.1.54-160000.1.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat10-lib-10.1.54-160000.1.1.noarch as component of SUSE Linux Enterprise Server 16.0",
          "product_id": "SUSE Linux Enterprise Server 16.0:tomcat10-lib-10.1.54-160000.1.1.noarch"
        },
        "product_reference": "tomcat10-lib-10.1.54-160000.1.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat10-servlet-6_0-api-10.1.54-160000.1.1.noarch as component of SUSE Linux Enterprise Server 16.0",
          "product_id": "SUSE Linux Enterprise Server 16.0:tomcat10-servlet-6_0-api-10.1.54-160000.1.1.noarch"
        },
        "product_reference": "tomcat10-servlet-6_0-api-10.1.54-160000.1.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat10-webapps-10.1.54-160000.1.1.noarch as component of SUSE Linux Enterprise Server 16.0",
          "product_id": "SUSE Linux Enterprise Server 16.0:tomcat10-webapps-10.1.54-160000.1.1.noarch"
        },
        "product_reference": "tomcat10-webapps-10.1.54-160000.1.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat10-10.1.54-160000.1.1.noarch as component of SUSE Linux Enterprise Server for SAP applications 16.0",
          "product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-10.1.54-160000.1.1.noarch"
        },
        "product_reference": "tomcat10-10.1.54-160000.1.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat10-admin-webapps-10.1.54-160000.1.1.noarch as component of SUSE Linux Enterprise Server for SAP applications 16.0",
          "product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-admin-webapps-10.1.54-160000.1.1.noarch"
        },
        "product_reference": "tomcat10-admin-webapps-10.1.54-160000.1.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat10-doc-10.1.54-160000.1.1.noarch as component of SUSE Linux Enterprise Server for SAP applications 16.0",
          "product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-doc-10.1.54-160000.1.1.noarch"
        },
        "product_reference": "tomcat10-doc-10.1.54-160000.1.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat10-docs-webapp-10.1.54-160000.1.1.noarch as component of SUSE Linux Enterprise Server for SAP applications 16.0",
          "product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-docs-webapp-10.1.54-160000.1.1.noarch"
        },
        "product_reference": "tomcat10-docs-webapp-10.1.54-160000.1.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat10-el-5_0-api-10.1.54-160000.1.1.noarch as component of SUSE Linux Enterprise Server for SAP applications 16.0",
          "product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-el-5_0-api-10.1.54-160000.1.1.noarch"
        },
        "product_reference": "tomcat10-el-5_0-api-10.1.54-160000.1.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat10-embed-10.1.54-160000.1.1.noarch as component of SUSE Linux Enterprise Server for SAP applications 16.0",
          "product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-embed-10.1.54-160000.1.1.noarch"
        },
        "product_reference": "tomcat10-embed-10.1.54-160000.1.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat10-jsp-3_1-api-10.1.54-160000.1.1.noarch as component of SUSE Linux Enterprise Server for SAP applications 16.0",
          "product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-jsp-3_1-api-10.1.54-160000.1.1.noarch"
        },
        "product_reference": "tomcat10-jsp-3_1-api-10.1.54-160000.1.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat10-jsvc-10.1.54-160000.1.1.noarch as component of SUSE Linux Enterprise Server for SAP applications 16.0",
          "product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-jsvc-10.1.54-160000.1.1.noarch"
        },
        "product_reference": "tomcat10-jsvc-10.1.54-160000.1.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat10-lib-10.1.54-160000.1.1.noarch as component of SUSE Linux Enterprise Server for SAP applications 16.0",
          "product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-lib-10.1.54-160000.1.1.noarch"
        },
        "product_reference": "tomcat10-lib-10.1.54-160000.1.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat10-servlet-6_0-api-10.1.54-160000.1.1.noarch as component of SUSE Linux Enterprise Server for SAP applications 16.0",
          "product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-servlet-6_0-api-10.1.54-160000.1.1.noarch"
        },
        "product_reference": "tomcat10-servlet-6_0-api-10.1.54-160000.1.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat10-webapps-10.1.54-160000.1.1.noarch as component of SUSE Linux Enterprise Server for SAP applications 16.0",
          "product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-webapps-10.1.54-160000.1.1.noarch"
        },
        "product_reference": "tomcat10-webapps-10.1.54-160000.1.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2025-66614",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-66614"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Improper Input Validation vulnerability.\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.14, from 10.1.0-M1 through 10.1.49, from 9.0.0-M1 through 9.0.112.\n\nThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.0 through 8.5.100. Older EOL versions are not affected.\nTomcat did not validate that the host name provided via the SNI \nextension was the same as the host name provided in the HTTP host header \nfield. If Tomcat was configured with more than one virtual host and the \nTLS configuration for one of those hosts did not require client \ncertificate authentication but another one did, it was possible for a \nclient to bypass the client certificate authentication by sending \ndifferent host names in the SNI extension and the HTTP host header field.\n\n\n\nThe vulnerability only applies if client certificate authentication is \nonly enforced at the Connector. It does not apply if client certificate \nauthentication is enforced at the web application.\n\n\nUsers are recommended to upgrade to version 11.0.15 or later, 10.1.50 or later or 9.0.113 or later, which fix the issue.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 16.0:tomcat10-10.1.54-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat10-admin-webapps-10.1.54-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat10-doc-10.1.54-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat10-docs-webapp-10.1.54-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat10-el-5_0-api-10.1.54-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat10-embed-10.1.54-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat10-jsp-3_1-api-10.1.54-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat10-jsvc-10.1.54-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat10-lib-10.1.54-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat10-servlet-6_0-api-10.1.54-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat10-webapps-10.1.54-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-10.1.54-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-admin-webapps-10.1.54-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-doc-10.1.54-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-docs-webapp-10.1.54-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-el-5_0-api-10.1.54-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-embed-10.1.54-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-jsp-3_1-api-10.1.54-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-jsvc-10.1.54-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-lib-10.1.54-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-servlet-6_0-api-10.1.54-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-webapps-10.1.54-160000.1.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-66614",
          "url": "https://www.suse.com/security/cve/CVE-2025-66614"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1258371 for CVE-2025-66614",
          "url": "https://bugzilla.suse.com/1258371"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 16.0:tomcat10-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat10-admin-webapps-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat10-doc-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat10-docs-webapp-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat10-el-5_0-api-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat10-embed-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat10-jsp-3_1-api-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat10-jsvc-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat10-lib-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat10-servlet-6_0-api-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat10-webapps-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-admin-webapps-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-doc-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-docs-webapp-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-el-5_0-api-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-embed-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-jsp-3_1-api-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-jsvc-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-lib-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-servlet-6_0-api-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-webapps-10.1.54-160000.1.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Server 16.0:tomcat10-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat10-admin-webapps-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat10-doc-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat10-docs-webapp-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat10-el-5_0-api-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat10-embed-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat10-jsp-3_1-api-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat10-jsvc-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat10-lib-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat10-servlet-6_0-api-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat10-webapps-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-admin-webapps-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-doc-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-docs-webapp-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-el-5_0-api-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-embed-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-jsp-3_1-api-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-jsvc-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-lib-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-servlet-6_0-api-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-webapps-10.1.54-160000.1.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-04-22T11:09:31Z",
          "details": "important"
        }
      ],
      "title": "CVE-2025-66614"
    },
    {
      "cve": "CVE-2026-24880",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-24880"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027) vulnerability in Apache Tomcat via invalid chunk extension.\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.18, from 10.1.0-M1 through 10.1.52, from 9.0.0.M1 through 9.0.115, from 8.5.0 through 8.5.100, from 7.0.0 through 7.0.109.\nOther, unsupported versions may also be affected.\n\nUsers are recommended to upgrade to version 11.0.20, 10.1.52 or 9.0.116, which fix the issue.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 16.0:tomcat10-10.1.54-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat10-admin-webapps-10.1.54-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat10-doc-10.1.54-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat10-docs-webapp-10.1.54-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat10-el-5_0-api-10.1.54-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat10-embed-10.1.54-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat10-jsp-3_1-api-10.1.54-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat10-jsvc-10.1.54-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat10-lib-10.1.54-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat10-servlet-6_0-api-10.1.54-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat10-webapps-10.1.54-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-10.1.54-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-admin-webapps-10.1.54-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-doc-10.1.54-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-docs-webapp-10.1.54-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-el-5_0-api-10.1.54-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-embed-10.1.54-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-jsp-3_1-api-10.1.54-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-jsvc-10.1.54-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-lib-10.1.54-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-servlet-6_0-api-10.1.54-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-webapps-10.1.54-160000.1.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-24880",
          "url": "https://www.suse.com/security/cve/CVE-2026-24880"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1261850 for CVE-2026-24880",
          "url": "https://bugzilla.suse.com/1261850"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 16.0:tomcat10-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat10-admin-webapps-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat10-doc-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat10-docs-webapp-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat10-el-5_0-api-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat10-embed-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat10-jsp-3_1-api-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat10-jsvc-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat10-lib-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat10-servlet-6_0-api-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat10-webapps-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-admin-webapps-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-doc-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-docs-webapp-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-el-5_0-api-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-embed-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-jsp-3_1-api-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-jsvc-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-lib-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-servlet-6_0-api-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-webapps-10.1.54-160000.1.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.8,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Server 16.0:tomcat10-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat10-admin-webapps-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat10-doc-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat10-docs-webapp-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat10-el-5_0-api-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat10-embed-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat10-jsp-3_1-api-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat10-jsvc-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat10-lib-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat10-servlet-6_0-api-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat10-webapps-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-admin-webapps-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-doc-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-docs-webapp-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-el-5_0-api-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-embed-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-jsp-3_1-api-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-jsvc-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-lib-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-servlet-6_0-api-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-webapps-10.1.54-160000.1.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-04-22T11:09:31Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2026-24880"
    },
    {
      "cve": "CVE-2026-25854",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-25854"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Occasional URL redirection to untrusted Site (\u0027Open Redirect\u0027) vulnerability in Apache Tomcat via the LoadBalancerDrainingValve.\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.18, from 10.1.0-M1 through 10.1.52, from 9.0.0.M23 through 9.0.115, from 8.5.30 through 8.5.100.\nOther, unsupported versions may also be affected\n\nUsers are recommended to upgrade to version 11.0.20, 10.1.53 or 9.0.116, which fix the issue.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 16.0:tomcat10-10.1.54-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat10-admin-webapps-10.1.54-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat10-doc-10.1.54-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat10-docs-webapp-10.1.54-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat10-el-5_0-api-10.1.54-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat10-embed-10.1.54-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat10-jsp-3_1-api-10.1.54-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat10-jsvc-10.1.54-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat10-lib-10.1.54-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat10-servlet-6_0-api-10.1.54-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat10-webapps-10.1.54-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-10.1.54-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-admin-webapps-10.1.54-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-doc-10.1.54-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-docs-webapp-10.1.54-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-el-5_0-api-10.1.54-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-embed-10.1.54-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-jsp-3_1-api-10.1.54-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-jsvc-10.1.54-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-lib-10.1.54-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-servlet-6_0-api-10.1.54-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-webapps-10.1.54-160000.1.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-25854",
          "url": "https://www.suse.com/security/cve/CVE-2026-25854"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1261851 for CVE-2026-25854",
          "url": "https://bugzilla.suse.com/1261851"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 16.0:tomcat10-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat10-admin-webapps-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat10-doc-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat10-docs-webapp-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat10-el-5_0-api-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat10-embed-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat10-jsp-3_1-api-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat10-jsvc-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat10-lib-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat10-servlet-6_0-api-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat10-webapps-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-admin-webapps-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-doc-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-docs-webapp-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-el-5_0-api-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-embed-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-jsp-3_1-api-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-jsvc-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-lib-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-servlet-6_0-api-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-webapps-10.1.54-160000.1.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.8,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Server 16.0:tomcat10-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat10-admin-webapps-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat10-doc-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat10-docs-webapp-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat10-el-5_0-api-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat10-embed-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat10-jsp-3_1-api-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat10-jsvc-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat10-lib-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat10-servlet-6_0-api-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat10-webapps-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-admin-webapps-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-doc-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-docs-webapp-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-el-5_0-api-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-embed-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-jsp-3_1-api-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-jsvc-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-lib-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-servlet-6_0-api-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-webapps-10.1.54-160000.1.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-04-22T11:09:31Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2026-25854"
    },
    {
      "cve": "CVE-2026-29129",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-29129"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Configured cipher preference order not preserved vulnerability in Apache Tomcat.\n\nThis issue affects Apache Tomcat: from 11.0.16 through 11.0.18, from 10.1.51 through 10.1.52, from 9.0.114 through 9.0.115.\n\nUsers are recommended to upgrade to version 11.0.20, 10.1.53 or 9.0.116, which fix the issue.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 16.0:tomcat10-10.1.54-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat10-admin-webapps-10.1.54-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat10-doc-10.1.54-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat10-docs-webapp-10.1.54-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat10-el-5_0-api-10.1.54-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat10-embed-10.1.54-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat10-jsp-3_1-api-10.1.54-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat10-jsvc-10.1.54-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat10-lib-10.1.54-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat10-servlet-6_0-api-10.1.54-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat10-webapps-10.1.54-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-10.1.54-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-admin-webapps-10.1.54-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-doc-10.1.54-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-docs-webapp-10.1.54-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-el-5_0-api-10.1.54-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-embed-10.1.54-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-jsp-3_1-api-10.1.54-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-jsvc-10.1.54-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-lib-10.1.54-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-servlet-6_0-api-10.1.54-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-webapps-10.1.54-160000.1.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-29129",
          "url": "https://www.suse.com/security/cve/CVE-2026-29129"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1261852 for CVE-2026-29129",
          "url": "https://bugzilla.suse.com/1261852"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 16.0:tomcat10-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat10-admin-webapps-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat10-doc-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat10-docs-webapp-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat10-el-5_0-api-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat10-embed-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat10-jsp-3_1-api-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat10-jsvc-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat10-lib-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat10-servlet-6_0-api-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat10-webapps-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-admin-webapps-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-doc-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-docs-webapp-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-el-5_0-api-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-embed-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-jsp-3_1-api-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-jsvc-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-lib-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-servlet-6_0-api-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-webapps-10.1.54-160000.1.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.8,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Server 16.0:tomcat10-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat10-admin-webapps-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat10-doc-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat10-docs-webapp-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat10-el-5_0-api-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat10-embed-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat10-jsp-3_1-api-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat10-jsvc-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat10-lib-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat10-servlet-6_0-api-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat10-webapps-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-admin-webapps-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-doc-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-docs-webapp-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-el-5_0-api-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-embed-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-jsp-3_1-api-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-jsvc-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-lib-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-servlet-6_0-api-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-webapps-10.1.54-160000.1.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-04-22T11:09:31Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2026-29129"
    },
    {
      "cve": "CVE-2026-29145",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-29145"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "CLIENT_CERT authentication does not fail as expected for some scenarios when soft fail is disabled vulnerability in Apache Tomcat, Apache Tomcat Native.\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.18, from 10.1.0-M7 through 10.1.52, from 9.0.83 through 9.0.115; Apache Tomcat Native: from 1.1.23 through 1.1.34, from 1.2.0 through 1.2.39, from 1.3.0 through 1.3.6, from 2.0.0 through 2.0.13.\n\nUsers are recommended to upgrade to version Tomcat Native 1.3.7 or 2.0.14 and Tomcat 11.0.20, 10.1.53 and 9.0.116, which fix the issue.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 16.0:tomcat10-10.1.54-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat10-admin-webapps-10.1.54-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat10-doc-10.1.54-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat10-docs-webapp-10.1.54-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat10-el-5_0-api-10.1.54-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat10-embed-10.1.54-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat10-jsp-3_1-api-10.1.54-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat10-jsvc-10.1.54-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat10-lib-10.1.54-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat10-servlet-6_0-api-10.1.54-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat10-webapps-10.1.54-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-10.1.54-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-admin-webapps-10.1.54-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-doc-10.1.54-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-docs-webapp-10.1.54-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-el-5_0-api-10.1.54-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-embed-10.1.54-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-jsp-3_1-api-10.1.54-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-jsvc-10.1.54-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-lib-10.1.54-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-servlet-6_0-api-10.1.54-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-webapps-10.1.54-160000.1.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-29145",
          "url": "https://www.suse.com/security/cve/CVE-2026-29145"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1261853 for CVE-2026-29145",
          "url": "https://bugzilla.suse.com/1261853"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 16.0:tomcat10-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat10-admin-webapps-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat10-doc-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat10-docs-webapp-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat10-el-5_0-api-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat10-embed-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat10-jsp-3_1-api-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat10-jsvc-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat10-lib-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat10-servlet-6_0-api-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat10-webapps-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-admin-webapps-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-doc-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-docs-webapp-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-el-5_0-api-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-embed-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-jsp-3_1-api-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-jsvc-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-lib-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-servlet-6_0-api-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-webapps-10.1.54-160000.1.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.8,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Server 16.0:tomcat10-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat10-admin-webapps-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat10-doc-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat10-docs-webapp-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat10-el-5_0-api-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat10-embed-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat10-jsp-3_1-api-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat10-jsvc-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat10-lib-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat10-servlet-6_0-api-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat10-webapps-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-admin-webapps-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-doc-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-docs-webapp-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-el-5_0-api-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-embed-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-jsp-3_1-api-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-jsvc-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-lib-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-servlet-6_0-api-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-webapps-10.1.54-160000.1.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-04-22T11:09:31Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2026-29145"
    },
    {
      "cve": "CVE-2026-29146",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-29146"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Padding Oracle vulnerability in Apache Tomcat\u0027s EncryptInterceptor with default configuration.\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.18, from 10.0.0-M1 through 10.1.52, from 9.0.13 through 9..115, from 8.5.38 through 8.5.100, from 7.0.100 through 7.0.109.\n\nUsers are recommended to upgrade to version 11.0.19, 10.1.53 and 9.0.116, which fixes the issue.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 16.0:tomcat10-10.1.54-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat10-admin-webapps-10.1.54-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat10-doc-10.1.54-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat10-docs-webapp-10.1.54-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat10-el-5_0-api-10.1.54-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat10-embed-10.1.54-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat10-jsp-3_1-api-10.1.54-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat10-jsvc-10.1.54-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat10-lib-10.1.54-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat10-servlet-6_0-api-10.1.54-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat10-webapps-10.1.54-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-10.1.54-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-admin-webapps-10.1.54-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-doc-10.1.54-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-docs-webapp-10.1.54-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-el-5_0-api-10.1.54-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-embed-10.1.54-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-jsp-3_1-api-10.1.54-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-jsvc-10.1.54-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-lib-10.1.54-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-servlet-6_0-api-10.1.54-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-webapps-10.1.54-160000.1.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-29146",
          "url": "https://www.suse.com/security/cve/CVE-2026-29146"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1261854 for CVE-2026-29146",
          "url": "https://bugzilla.suse.com/1261854"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 16.0:tomcat10-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat10-admin-webapps-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat10-doc-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat10-docs-webapp-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat10-el-5_0-api-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat10-embed-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat10-jsp-3_1-api-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat10-jsvc-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat10-lib-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat10-servlet-6_0-api-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat10-webapps-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-admin-webapps-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-doc-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-docs-webapp-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-el-5_0-api-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-embed-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-jsp-3_1-api-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-jsvc-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-lib-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-servlet-6_0-api-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-webapps-10.1.54-160000.1.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Server 16.0:tomcat10-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat10-admin-webapps-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat10-doc-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat10-docs-webapp-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat10-el-5_0-api-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat10-embed-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat10-jsp-3_1-api-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat10-jsvc-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat10-lib-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat10-servlet-6_0-api-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat10-webapps-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-admin-webapps-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-doc-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-docs-webapp-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-el-5_0-api-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-embed-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-jsp-3_1-api-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-jsvc-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-lib-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-servlet-6_0-api-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-webapps-10.1.54-160000.1.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-04-22T11:09:31Z",
          "details": "important"
        }
      ],
      "title": "CVE-2026-29146"
    },
    {
      "cve": "CVE-2026-32990",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-32990"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Improper Input Validation vulnerability in Apache Tomcat due to an incomplete fix of CVE-2025-66614.\n\nThis issue affects Apache Tomcat: from 11.0.15 through 11.0.19, from 10.1.50 through 10.1.52, from 9.0.113 through 9.0.115.\n\nUsers are recommended to upgrade to version 11.0.20, 10.1.53 or 9.0.116, which fix the issue.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 16.0:tomcat10-10.1.54-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat10-admin-webapps-10.1.54-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat10-doc-10.1.54-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat10-docs-webapp-10.1.54-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat10-el-5_0-api-10.1.54-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat10-embed-10.1.54-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat10-jsp-3_1-api-10.1.54-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat10-jsvc-10.1.54-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat10-lib-10.1.54-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat10-servlet-6_0-api-10.1.54-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat10-webapps-10.1.54-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-10.1.54-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-admin-webapps-10.1.54-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-doc-10.1.54-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-docs-webapp-10.1.54-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-el-5_0-api-10.1.54-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-embed-10.1.54-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-jsp-3_1-api-10.1.54-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-jsvc-10.1.54-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-lib-10.1.54-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-servlet-6_0-api-10.1.54-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-webapps-10.1.54-160000.1.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-32990",
          "url": "https://www.suse.com/security/cve/CVE-2026-32990"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1258371 for CVE-2026-32990",
          "url": "https://bugzilla.suse.com/1258371"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 16.0:tomcat10-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat10-admin-webapps-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat10-doc-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat10-docs-webapp-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat10-el-5_0-api-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat10-embed-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat10-jsp-3_1-api-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat10-jsvc-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat10-lib-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat10-servlet-6_0-api-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat10-webapps-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-admin-webapps-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-doc-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-docs-webapp-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-el-5_0-api-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-embed-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-jsp-3_1-api-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-jsvc-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-lib-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-servlet-6_0-api-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-webapps-10.1.54-160000.1.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-04-22T11:09:31Z",
          "details": "important"
        }
      ],
      "title": "CVE-2026-32990"
    },
    {
      "cve": "CVE-2026-34483",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-34483"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Improper Encoding or Escaping of Output vulnerability in the JsonAccessLogValve component of Apache Tomcat.\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.20, from 10.1.0-M1 through 10.1.53, from 9.0.40 through 9.0.116.\n\nUsers are recommended to upgrade to version 11.0.21, 10.1.54 or 9.0.117 , which fix the issue.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 16.0:tomcat10-10.1.54-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat10-admin-webapps-10.1.54-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat10-doc-10.1.54-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat10-docs-webapp-10.1.54-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat10-el-5_0-api-10.1.54-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat10-embed-10.1.54-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat10-jsp-3_1-api-10.1.54-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat10-jsvc-10.1.54-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat10-lib-10.1.54-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat10-servlet-6_0-api-10.1.54-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat10-webapps-10.1.54-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-10.1.54-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-admin-webapps-10.1.54-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-doc-10.1.54-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-docs-webapp-10.1.54-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-el-5_0-api-10.1.54-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-embed-10.1.54-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-jsp-3_1-api-10.1.54-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-jsvc-10.1.54-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-lib-10.1.54-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-servlet-6_0-api-10.1.54-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-webapps-10.1.54-160000.1.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-34483",
          "url": "https://www.suse.com/security/cve/CVE-2026-34483"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1261855 for CVE-2026-34483",
          "url": "https://bugzilla.suse.com/1261855"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 16.0:tomcat10-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat10-admin-webapps-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat10-doc-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat10-docs-webapp-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat10-el-5_0-api-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat10-embed-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat10-jsp-3_1-api-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat10-jsvc-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat10-lib-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat10-servlet-6_0-api-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat10-webapps-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-admin-webapps-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-doc-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-docs-webapp-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-el-5_0-api-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-embed-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-jsp-3_1-api-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-jsvc-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-lib-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-servlet-6_0-api-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-webapps-10.1.54-160000.1.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.8,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Server 16.0:tomcat10-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat10-admin-webapps-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat10-doc-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat10-docs-webapp-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat10-el-5_0-api-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat10-embed-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat10-jsp-3_1-api-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat10-jsvc-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat10-lib-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat10-servlet-6_0-api-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat10-webapps-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-admin-webapps-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-doc-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-docs-webapp-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-el-5_0-api-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-embed-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-jsp-3_1-api-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-jsvc-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-lib-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-servlet-6_0-api-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-webapps-10.1.54-160000.1.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-04-22T11:09:31Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2026-34483"
    },
    {
      "cve": "CVE-2026-34486",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-34486"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Missing Encryption of Sensitive Data vulnerability in Apache Tomcat due to the  fix for CVE-2026-29146 allowing the bypass of the EncryptInterceptor.\n\nThis issue affects Apache Tomcat: 11.0.20, 10.1.53, 9.0.116.\n\nUsers are recommended to upgrade to version 11.0.21, 10.1.54 or 9.0.117, which fix the issue.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 16.0:tomcat10-10.1.54-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat10-admin-webapps-10.1.54-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat10-doc-10.1.54-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat10-docs-webapp-10.1.54-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat10-el-5_0-api-10.1.54-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat10-embed-10.1.54-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat10-jsp-3_1-api-10.1.54-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat10-jsvc-10.1.54-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat10-lib-10.1.54-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat10-servlet-6_0-api-10.1.54-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat10-webapps-10.1.54-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-10.1.54-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-admin-webapps-10.1.54-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-doc-10.1.54-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-docs-webapp-10.1.54-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-el-5_0-api-10.1.54-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-embed-10.1.54-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-jsp-3_1-api-10.1.54-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-jsvc-10.1.54-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-lib-10.1.54-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-servlet-6_0-api-10.1.54-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-webapps-10.1.54-160000.1.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-34486",
          "url": "https://www.suse.com/security/cve/CVE-2026-34486"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1261854 for CVE-2026-34486",
          "url": "https://bugzilla.suse.com/1261854"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 16.0:tomcat10-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat10-admin-webapps-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat10-doc-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat10-docs-webapp-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat10-el-5_0-api-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat10-embed-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat10-jsp-3_1-api-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat10-jsvc-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat10-lib-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat10-servlet-6_0-api-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat10-webapps-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-admin-webapps-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-doc-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-docs-webapp-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-el-5_0-api-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-embed-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-jsp-3_1-api-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-jsvc-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-lib-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-servlet-6_0-api-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-webapps-10.1.54-160000.1.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Server 16.0:tomcat10-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat10-admin-webapps-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat10-doc-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat10-docs-webapp-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat10-el-5_0-api-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat10-embed-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat10-jsp-3_1-api-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat10-jsvc-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat10-lib-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat10-servlet-6_0-api-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat10-webapps-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-admin-webapps-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-doc-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-docs-webapp-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-el-5_0-api-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-embed-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-jsp-3_1-api-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-jsvc-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-lib-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-servlet-6_0-api-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-webapps-10.1.54-160000.1.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-04-22T11:09:31Z",
          "details": "important"
        }
      ],
      "title": "CVE-2026-34486"
    },
    {
      "cve": "CVE-2026-34487",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-34487"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Insertion of Sensitive Information into Log File vulnerability in the cloud membership for clustering component of Apache Tomcat exposed the Kubernetes bearer token.\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.20, from 10.1.0-M1 through 10.1.53, from 9.0.13 through 9.0.116.\n\nUsers are recommended to upgrade to version 11.0.21, 10.1.54 or 9.0.117, which fix the issue.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 16.0:tomcat10-10.1.54-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat10-admin-webapps-10.1.54-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat10-doc-10.1.54-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat10-docs-webapp-10.1.54-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat10-el-5_0-api-10.1.54-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat10-embed-10.1.54-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat10-jsp-3_1-api-10.1.54-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat10-jsvc-10.1.54-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat10-lib-10.1.54-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat10-servlet-6_0-api-10.1.54-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat10-webapps-10.1.54-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-10.1.54-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-admin-webapps-10.1.54-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-doc-10.1.54-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-docs-webapp-10.1.54-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-el-5_0-api-10.1.54-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-embed-10.1.54-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-jsp-3_1-api-10.1.54-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-jsvc-10.1.54-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-lib-10.1.54-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-servlet-6_0-api-10.1.54-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-webapps-10.1.54-160000.1.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-34487",
          "url": "https://www.suse.com/security/cve/CVE-2026-34487"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1261856 for CVE-2026-34487",
          "url": "https://bugzilla.suse.com/1261856"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 16.0:tomcat10-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat10-admin-webapps-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat10-doc-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat10-docs-webapp-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat10-el-5_0-api-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat10-embed-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat10-jsp-3_1-api-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat10-jsvc-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat10-lib-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat10-servlet-6_0-api-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat10-webapps-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-admin-webapps-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-doc-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-docs-webapp-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-el-5_0-api-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-embed-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-jsp-3_1-api-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-jsvc-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-lib-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-servlet-6_0-api-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-webapps-10.1.54-160000.1.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Server 16.0:tomcat10-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat10-admin-webapps-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat10-doc-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat10-docs-webapp-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat10-el-5_0-api-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat10-embed-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat10-jsp-3_1-api-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat10-jsvc-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat10-lib-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat10-servlet-6_0-api-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat10-webapps-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-admin-webapps-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-doc-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-docs-webapp-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-el-5_0-api-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-embed-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-jsp-3_1-api-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-jsvc-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-lib-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-servlet-6_0-api-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-webapps-10.1.54-160000.1.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-04-22T11:09:31Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2026-34487"
    },
    {
      "cve": "CVE-2026-34500",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-34500"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "CLIENT_CERT authentication does not fail as expected for some scenarios when soft fail is disabled and FFM is used in Apache Tomcat.\n\nThis issue affects Apache Tomcat: from 11.0.0-M14 through 11.0.20, from 10.1.22 through 10.1.53, from 9.0.92 through 9.0.116.\n\nUsers are recommended to upgrade to version 11.0.21, 10.1.54 or 9.0.117, which fixes the issue.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 16.0:tomcat10-10.1.54-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat10-admin-webapps-10.1.54-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat10-doc-10.1.54-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat10-docs-webapp-10.1.54-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat10-el-5_0-api-10.1.54-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat10-embed-10.1.54-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat10-jsp-3_1-api-10.1.54-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat10-jsvc-10.1.54-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat10-lib-10.1.54-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat10-servlet-6_0-api-10.1.54-160000.1.1.noarch",
          "SUSE Linux Enterprise Server 16.0:tomcat10-webapps-10.1.54-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-10.1.54-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-admin-webapps-10.1.54-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-doc-10.1.54-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-docs-webapp-10.1.54-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-el-5_0-api-10.1.54-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-embed-10.1.54-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-jsp-3_1-api-10.1.54-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-jsvc-10.1.54-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-lib-10.1.54-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-servlet-6_0-api-10.1.54-160000.1.1.noarch",
          "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-webapps-10.1.54-160000.1.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-34500",
          "url": "https://www.suse.com/security/cve/CVE-2026-34500"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1261857 for CVE-2026-34500",
          "url": "https://bugzilla.suse.com/1261857"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 16.0:tomcat10-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat10-admin-webapps-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat10-doc-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat10-docs-webapp-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat10-el-5_0-api-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat10-embed-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat10-jsp-3_1-api-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat10-jsvc-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat10-lib-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat10-servlet-6_0-api-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat10-webapps-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-admin-webapps-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-doc-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-docs-webapp-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-el-5_0-api-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-embed-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-jsp-3_1-api-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-jsvc-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-lib-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-servlet-6_0-api-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-webapps-10.1.54-160000.1.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.8,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Server 16.0:tomcat10-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat10-admin-webapps-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat10-doc-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat10-docs-webapp-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat10-el-5_0-api-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat10-embed-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat10-jsp-3_1-api-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat10-jsvc-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat10-lib-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat10-servlet-6_0-api-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server 16.0:tomcat10-webapps-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-admin-webapps-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-doc-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-docs-webapp-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-el-5_0-api-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-embed-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-jsp-3_1-api-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-jsvc-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-lib-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-servlet-6_0-api-10.1.54-160000.1.1.noarch",
            "SUSE Linux Enterprise Server for SAP applications 16.0:tomcat10-webapps-10.1.54-160000.1.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-04-22T11:09:31Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2026-34500"
    }
  ]
}

WID-SEC-W-2026-1608

Vulnerability from csaf_certbund - Published: 2026-05-19 22:00 - Updated: 2026-05-20 22:00

Summary

Atlassian Produkte (Bamboo, Bitbucket, Confluence, Crucible, Fisheye und Jira): Mehrere Schwachstellen

Severity

Hoch

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung: Bamboo ist ein Werkzeug zur kontinuierlichen Integration und Bereitstellung, das automatisierte Builds, Tests und Freigaben in einem einzigen Arbeitsablauf verbindet. Bitbucket ist ein Git-Server zur Sourcecode-Versionskontrolle. Confluence ist eine kommerzielle Wiki-Software. Crucible ist eine Code-Review-Lösung für Unternehmensteams. Fisheye ist ein Quellcode-Repository-Browser für Unternehmensteams. Jira ist eine Webanwendung zur Softwareentwicklung.

Angriff: Ein Angreifer kann mehrere Schwachstellen in Atlassian Bamboo, Atlassian Bitbucket, Atlassian Confluence, Atlassian Crucible, Atlassian Fisheye und Atlassian Jira ausnutzen, um beliebigen Programmcode auszuführen, um einen Denial of Service Angriff durchzuführen, um Informationen offenzulegen, um einen Cross-Site Scripting Angriff durchzuführen, und um Sicherheitsvorkehrungen zu umgehen.

Betroffene Betriebssysteme: - Linux - Sonstiges - UNIX - Windows

CVE-2019-13990

Affected products

Known affected 13 products

Product	Identifier	Version
Atlassian Bamboo Data Center LTS <12.1.7 Atlassian / Bamboo		Data Center LTS <12.1.7
Atlassian Jira Data Center LTS <10.3.20 Atlassian / Jira		Data Center LTS <10.3.20
Atlassian Jira Data Center LTS <11.3.5 Atlassian / Jira		Data Center LTS <11.3.5
Atlassian Fisheye <4.9.10 Atlassian / Fisheye		<4.9.10
Atlassian Crucible <4.9.10 Atlassian / Crucible		<4.9.10
Atlassian Confluence Data Center LTS <9.2.20 Atlassian / Confluence		Data Center LTS <9.2.20
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Atlassian Confluence Data Center LTS <10.2.11 Atlassian / Confluence		Data Center LTS <10.2.11
Atlassian Bitbucket Data Center LTS <9.4.19 Atlassian / Bitbucket		Data Center LTS <9.4.19
Atlassian Bitbucket Data Center LTS <10.2.2 Atlassian / Bitbucket		Data Center LTS <10.2.2
Atlassian Bamboo Data Center LTS <9.6.26 Atlassian / Bamboo		Data Center LTS <9.6.26
Atlassian Bamboo Data Center LTS <10.2.19 Atlassian / Bamboo		Data Center LTS <10.2.19
Atlassian Jira LTS <9.12.35 Atlassian / Jira		LTS <9.12.35

CVE-2022-1471

Affected products

Known affected 13 products

Product	Identifier	Version
Atlassian Bamboo Data Center LTS <12.1.7 Atlassian / Bamboo		Data Center LTS <12.1.7
Atlassian Jira Data Center LTS <10.3.20 Atlassian / Jira		Data Center LTS <10.3.20
Atlassian Jira Data Center LTS <11.3.5 Atlassian / Jira		Data Center LTS <11.3.5
Atlassian Fisheye <4.9.10 Atlassian / Fisheye		<4.9.10
Atlassian Crucible <4.9.10 Atlassian / Crucible		<4.9.10
Atlassian Confluence Data Center LTS <9.2.20 Atlassian / Confluence		Data Center LTS <9.2.20
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Atlassian Confluence Data Center LTS <10.2.11 Atlassian / Confluence		Data Center LTS <10.2.11
Atlassian Bitbucket Data Center LTS <9.4.19 Atlassian / Bitbucket		Data Center LTS <9.4.19
Atlassian Bitbucket Data Center LTS <10.2.2 Atlassian / Bitbucket		Data Center LTS <10.2.2
Atlassian Bamboo Data Center LTS <9.6.26 Atlassian / Bamboo		Data Center LTS <9.6.26
Atlassian Bamboo Data Center LTS <10.2.19 Atlassian / Bamboo		Data Center LTS <10.2.19
Atlassian Jira LTS <9.12.35 Atlassian / Jira		LTS <9.12.35

CVE-2022-23521

Affected products

Known affected 13 products

Product	Identifier	Version
Atlassian Bamboo Data Center LTS <12.1.7 Atlassian / Bamboo		Data Center LTS <12.1.7
Atlassian Jira Data Center LTS <10.3.20 Atlassian / Jira		Data Center LTS <10.3.20
Atlassian Jira Data Center LTS <11.3.5 Atlassian / Jira		Data Center LTS <11.3.5
Atlassian Fisheye <4.9.10 Atlassian / Fisheye		<4.9.10
Atlassian Crucible <4.9.10 Atlassian / Crucible		<4.9.10
Atlassian Confluence Data Center LTS <9.2.20 Atlassian / Confluence		Data Center LTS <9.2.20
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Atlassian Confluence Data Center LTS <10.2.11 Atlassian / Confluence		Data Center LTS <10.2.11
Atlassian Bitbucket Data Center LTS <9.4.19 Atlassian / Bitbucket		Data Center LTS <9.4.19
Atlassian Bitbucket Data Center LTS <10.2.2 Atlassian / Bitbucket		Data Center LTS <10.2.2
Atlassian Bamboo Data Center LTS <9.6.26 Atlassian / Bamboo		Data Center LTS <9.6.26
Atlassian Bamboo Data Center LTS <10.2.19 Atlassian / Bamboo		Data Center LTS <10.2.19
Atlassian Jira LTS <9.12.35 Atlassian / Jira		LTS <9.12.35

CVE-2022-41903

Affected products

Known affected 13 products

Product	Identifier	Version
Atlassian Bamboo Data Center LTS <12.1.7 Atlassian / Bamboo		Data Center LTS <12.1.7
Atlassian Jira Data Center LTS <10.3.20 Atlassian / Jira		Data Center LTS <10.3.20
Atlassian Jira Data Center LTS <11.3.5 Atlassian / Jira		Data Center LTS <11.3.5
Atlassian Fisheye <4.9.10 Atlassian / Fisheye		<4.9.10
Atlassian Crucible <4.9.10 Atlassian / Crucible		<4.9.10
Atlassian Confluence Data Center LTS <9.2.20 Atlassian / Confluence		Data Center LTS <9.2.20
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Atlassian Confluence Data Center LTS <10.2.11 Atlassian / Confluence		Data Center LTS <10.2.11
Atlassian Bitbucket Data Center LTS <9.4.19 Atlassian / Bitbucket		Data Center LTS <9.4.19
Atlassian Bitbucket Data Center LTS <10.2.2 Atlassian / Bitbucket		Data Center LTS <10.2.2
Atlassian Bamboo Data Center LTS <9.6.26 Atlassian / Bamboo		Data Center LTS <9.6.26
Atlassian Bamboo Data Center LTS <10.2.19 Atlassian / Bamboo		Data Center LTS <10.2.19
Atlassian Jira LTS <9.12.35 Atlassian / Jira		LTS <9.12.35

CVE-2023-22518

Affected products

Known affected 13 products

Product	Identifier	Version
Atlassian Bamboo Data Center LTS <12.1.7 Atlassian / Bamboo		Data Center LTS <12.1.7
Atlassian Jira Data Center LTS <10.3.20 Atlassian / Jira		Data Center LTS <10.3.20
Atlassian Jira Data Center LTS <11.3.5 Atlassian / Jira		Data Center LTS <11.3.5
Atlassian Fisheye <4.9.10 Atlassian / Fisheye		<4.9.10
Atlassian Crucible <4.9.10 Atlassian / Crucible		<4.9.10
Atlassian Confluence Data Center LTS <9.2.20 Atlassian / Confluence		Data Center LTS <9.2.20
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Atlassian Confluence Data Center LTS <10.2.11 Atlassian / Confluence		Data Center LTS <10.2.11
Atlassian Bitbucket Data Center LTS <9.4.19 Atlassian / Bitbucket		Data Center LTS <9.4.19
Atlassian Bitbucket Data Center LTS <10.2.2 Atlassian / Bitbucket		Data Center LTS <10.2.2
Atlassian Bamboo Data Center LTS <9.6.26 Atlassian / Bamboo		Data Center LTS <9.6.26
Atlassian Bamboo Data Center LTS <10.2.19 Atlassian / Bamboo		Data Center LTS <10.2.19
Atlassian Jira LTS <9.12.35 Atlassian / Jira		LTS <9.12.35

CVE-2023-22522

Affected products

Known affected 13 products

Product	Identifier	Version
Atlassian Bamboo Data Center LTS <12.1.7 Atlassian / Bamboo		Data Center LTS <12.1.7
Atlassian Jira Data Center LTS <10.3.20 Atlassian / Jira		Data Center LTS <10.3.20
Atlassian Jira Data Center LTS <11.3.5 Atlassian / Jira		Data Center LTS <11.3.5
Atlassian Fisheye <4.9.10 Atlassian / Fisheye		<4.9.10
Atlassian Crucible <4.9.10 Atlassian / Crucible		<4.9.10
Atlassian Confluence Data Center LTS <9.2.20 Atlassian / Confluence		Data Center LTS <9.2.20
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Atlassian Confluence Data Center LTS <10.2.11 Atlassian / Confluence		Data Center LTS <10.2.11
Atlassian Bitbucket Data Center LTS <9.4.19 Atlassian / Bitbucket		Data Center LTS <9.4.19
Atlassian Bitbucket Data Center LTS <10.2.2 Atlassian / Bitbucket		Data Center LTS <10.2.2
Atlassian Bamboo Data Center LTS <9.6.26 Atlassian / Bamboo		Data Center LTS <9.6.26
Atlassian Bamboo Data Center LTS <10.2.19 Atlassian / Bamboo		Data Center LTS <10.2.19
Atlassian Jira LTS <9.12.35 Atlassian / Jira		LTS <9.12.35

CVE-2023-22523

Affected products

Known affected 13 products

Product	Identifier	Version
Atlassian Bamboo Data Center LTS <12.1.7 Atlassian / Bamboo		Data Center LTS <12.1.7
Atlassian Jira Data Center LTS <10.3.20 Atlassian / Jira		Data Center LTS <10.3.20
Atlassian Jira Data Center LTS <11.3.5 Atlassian / Jira		Data Center LTS <11.3.5
Atlassian Fisheye <4.9.10 Atlassian / Fisheye		<4.9.10
Atlassian Crucible <4.9.10 Atlassian / Crucible		<4.9.10
Atlassian Confluence Data Center LTS <9.2.20 Atlassian / Confluence		Data Center LTS <9.2.20
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Atlassian Confluence Data Center LTS <10.2.11 Atlassian / Confluence		Data Center LTS <10.2.11
Atlassian Bitbucket Data Center LTS <9.4.19 Atlassian / Bitbucket		Data Center LTS <9.4.19
Atlassian Bitbucket Data Center LTS <10.2.2 Atlassian / Bitbucket		Data Center LTS <10.2.2
Atlassian Bamboo Data Center LTS <9.6.26 Atlassian / Bamboo		Data Center LTS <9.6.26
Atlassian Bamboo Data Center LTS <10.2.19 Atlassian / Bamboo		Data Center LTS <10.2.19
Atlassian Jira LTS <9.12.35 Atlassian / Jira		LTS <9.12.35

CVE-2023-22524

Affected products

Known affected 13 products

Product	Identifier	Version
Atlassian Bamboo Data Center LTS <12.1.7 Atlassian / Bamboo		Data Center LTS <12.1.7
Atlassian Jira Data Center LTS <10.3.20 Atlassian / Jira		Data Center LTS <10.3.20
Atlassian Jira Data Center LTS <11.3.5 Atlassian / Jira		Data Center LTS <11.3.5
Atlassian Fisheye <4.9.10 Atlassian / Fisheye		<4.9.10
Atlassian Crucible <4.9.10 Atlassian / Crucible		<4.9.10
Atlassian Confluence Data Center LTS <9.2.20 Atlassian / Confluence		Data Center LTS <9.2.20
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Atlassian Confluence Data Center LTS <10.2.11 Atlassian / Confluence		Data Center LTS <10.2.11
Atlassian Bitbucket Data Center LTS <9.4.19 Atlassian / Bitbucket		Data Center LTS <9.4.19
Atlassian Bitbucket Data Center LTS <10.2.2 Atlassian / Bitbucket		Data Center LTS <10.2.2
Atlassian Bamboo Data Center LTS <9.6.26 Atlassian / Bamboo		Data Center LTS <9.6.26
Atlassian Bamboo Data Center LTS <10.2.19 Atlassian / Bamboo		Data Center LTS <10.2.19
Atlassian Jira LTS <9.12.35 Atlassian / Jira		LTS <9.12.35

CVE-2023-22527

Affected products

Known affected 13 products

Product	Identifier	Version
Atlassian Bamboo Data Center LTS <12.1.7 Atlassian / Bamboo		Data Center LTS <12.1.7
Atlassian Jira Data Center LTS <10.3.20 Atlassian / Jira		Data Center LTS <10.3.20
Atlassian Jira Data Center LTS <11.3.5 Atlassian / Jira		Data Center LTS <11.3.5
Atlassian Fisheye <4.9.10 Atlassian / Fisheye		<4.9.10
Atlassian Crucible <4.9.10 Atlassian / Crucible		<4.9.10
Atlassian Confluence Data Center LTS <9.2.20 Atlassian / Confluence		Data Center LTS <9.2.20
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Atlassian Confluence Data Center LTS <10.2.11 Atlassian / Confluence		Data Center LTS <10.2.11
Atlassian Bitbucket Data Center LTS <9.4.19 Atlassian / Bitbucket		Data Center LTS <9.4.19
Atlassian Bitbucket Data Center LTS <10.2.2 Atlassian / Bitbucket		Data Center LTS <10.2.2
Atlassian Bamboo Data Center LTS <9.6.26 Atlassian / Bamboo		Data Center LTS <9.6.26
Atlassian Bamboo Data Center LTS <10.2.19 Atlassian / Bamboo		Data Center LTS <10.2.19
Atlassian Jira LTS <9.12.35 Atlassian / Jira		LTS <9.12.35

CVE-2023-24998

Affected products

Known affected 13 products

Product	Identifier	Version
Atlassian Bamboo Data Center LTS <12.1.7 Atlassian / Bamboo		Data Center LTS <12.1.7
Atlassian Jira Data Center LTS <10.3.20 Atlassian / Jira		Data Center LTS <10.3.20
Atlassian Jira Data Center LTS <11.3.5 Atlassian / Jira		Data Center LTS <11.3.5
Atlassian Fisheye <4.9.10 Atlassian / Fisheye		<4.9.10
Atlassian Crucible <4.9.10 Atlassian / Crucible		<4.9.10
Atlassian Confluence Data Center LTS <9.2.20 Atlassian / Confluence		Data Center LTS <9.2.20
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Atlassian Confluence Data Center LTS <10.2.11 Atlassian / Confluence		Data Center LTS <10.2.11
Atlassian Bitbucket Data Center LTS <9.4.19 Atlassian / Bitbucket		Data Center LTS <9.4.19
Atlassian Bitbucket Data Center LTS <10.2.2 Atlassian / Bitbucket		Data Center LTS <10.2.2
Atlassian Bamboo Data Center LTS <9.6.26 Atlassian / Bamboo		Data Center LTS <9.6.26
Atlassian Bamboo Data Center LTS <10.2.19 Atlassian / Bamboo		Data Center LTS <10.2.19
Atlassian Jira LTS <9.12.35 Atlassian / Jira		LTS <9.12.35

CVE-2023-46604

Affected products

Known affected 13 products

Product	Identifier	Version
Atlassian Bamboo Data Center LTS <12.1.7 Atlassian / Bamboo		Data Center LTS <12.1.7
Atlassian Jira Data Center LTS <10.3.20 Atlassian / Jira		Data Center LTS <10.3.20
Atlassian Jira Data Center LTS <11.3.5 Atlassian / Jira		Data Center LTS <11.3.5
Atlassian Fisheye <4.9.10 Atlassian / Fisheye		<4.9.10
Atlassian Crucible <4.9.10 Atlassian / Crucible		<4.9.10
Atlassian Confluence Data Center LTS <9.2.20 Atlassian / Confluence		Data Center LTS <9.2.20
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Atlassian Confluence Data Center LTS <10.2.11 Atlassian / Confluence		Data Center LTS <10.2.11
Atlassian Bitbucket Data Center LTS <9.4.19 Atlassian / Bitbucket		Data Center LTS <9.4.19
Atlassian Bitbucket Data Center LTS <10.2.2 Atlassian / Bitbucket		Data Center LTS <10.2.2
Atlassian Bamboo Data Center LTS <9.6.26 Atlassian / Bamboo		Data Center LTS <9.6.26
Atlassian Bamboo Data Center LTS <10.2.19 Atlassian / Bamboo		Data Center LTS <10.2.19
Atlassian Jira LTS <9.12.35 Atlassian / Jira		LTS <9.12.35

CVE-2024-45801

Affected products

Known affected 13 products

Product	Identifier	Version
Atlassian Bamboo Data Center LTS <12.1.7 Atlassian / Bamboo		Data Center LTS <12.1.7
Atlassian Jira Data Center LTS <10.3.20 Atlassian / Jira		Data Center LTS <10.3.20
Atlassian Jira Data Center LTS <11.3.5 Atlassian / Jira		Data Center LTS <11.3.5
Atlassian Fisheye <4.9.10 Atlassian / Fisheye		<4.9.10
Atlassian Crucible <4.9.10 Atlassian / Crucible		<4.9.10
Atlassian Confluence Data Center LTS <9.2.20 Atlassian / Confluence		Data Center LTS <9.2.20
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Atlassian Confluence Data Center LTS <10.2.11 Atlassian / Confluence		Data Center LTS <10.2.11
Atlassian Bitbucket Data Center LTS <9.4.19 Atlassian / Bitbucket		Data Center LTS <9.4.19
Atlassian Bitbucket Data Center LTS <10.2.2 Atlassian / Bitbucket		Data Center LTS <10.2.2
Atlassian Bamboo Data Center LTS <9.6.26 Atlassian / Bamboo		Data Center LTS <9.6.26
Atlassian Bamboo Data Center LTS <10.2.19 Atlassian / Bamboo		Data Center LTS <10.2.19
Atlassian Jira LTS <9.12.35 Atlassian / Jira		LTS <9.12.35

CVE-2025-52999

Affected products

Known affected 13 products

Product	Identifier	Version
Atlassian Bamboo Data Center LTS <12.1.7 Atlassian / Bamboo		Data Center LTS <12.1.7
Atlassian Jira Data Center LTS <10.3.20 Atlassian / Jira		Data Center LTS <10.3.20
Atlassian Jira Data Center LTS <11.3.5 Atlassian / Jira		Data Center LTS <11.3.5
Atlassian Fisheye <4.9.10 Atlassian / Fisheye		<4.9.10
Atlassian Crucible <4.9.10 Atlassian / Crucible		<4.9.10
Atlassian Confluence Data Center LTS <9.2.20 Atlassian / Confluence		Data Center LTS <9.2.20
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Atlassian Confluence Data Center LTS <10.2.11 Atlassian / Confluence		Data Center LTS <10.2.11
Atlassian Bitbucket Data Center LTS <9.4.19 Atlassian / Bitbucket		Data Center LTS <9.4.19
Atlassian Bitbucket Data Center LTS <10.2.2 Atlassian / Bitbucket		Data Center LTS <10.2.2
Atlassian Bamboo Data Center LTS <9.6.26 Atlassian / Bamboo		Data Center LTS <9.6.26
Atlassian Bamboo Data Center LTS <10.2.19 Atlassian / Bamboo		Data Center LTS <10.2.19
Atlassian Jira LTS <9.12.35 Atlassian / Jira		LTS <9.12.35

CVE-2025-67030

Affected products

Known affected 13 products

Product	Identifier	Version
Atlassian Bamboo Data Center LTS <12.1.7 Atlassian / Bamboo		Data Center LTS <12.1.7
Atlassian Jira Data Center LTS <10.3.20 Atlassian / Jira		Data Center LTS <10.3.20
Atlassian Jira Data Center LTS <11.3.5 Atlassian / Jira		Data Center LTS <11.3.5
Atlassian Fisheye <4.9.10 Atlassian / Fisheye		<4.9.10
Atlassian Crucible <4.9.10 Atlassian / Crucible		<4.9.10
Atlassian Confluence Data Center LTS <9.2.20 Atlassian / Confluence		Data Center LTS <9.2.20
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Atlassian Confluence Data Center LTS <10.2.11 Atlassian / Confluence		Data Center LTS <10.2.11
Atlassian Bitbucket Data Center LTS <9.4.19 Atlassian / Bitbucket		Data Center LTS <9.4.19
Atlassian Bitbucket Data Center LTS <10.2.2 Atlassian / Bitbucket		Data Center LTS <10.2.2
Atlassian Bamboo Data Center LTS <9.6.26 Atlassian / Bamboo		Data Center LTS <9.6.26
Atlassian Bamboo Data Center LTS <10.2.19 Atlassian / Bamboo		Data Center LTS <10.2.19
Atlassian Jira LTS <9.12.35 Atlassian / Jira		LTS <9.12.35

CVE-2026-22029

Affected products

Known affected 13 products

Product	Identifier	Version
Atlassian Bamboo Data Center LTS <12.1.7 Atlassian / Bamboo		Data Center LTS <12.1.7
Atlassian Jira Data Center LTS <10.3.20 Atlassian / Jira		Data Center LTS <10.3.20
Atlassian Jira Data Center LTS <11.3.5 Atlassian / Jira		Data Center LTS <11.3.5
Atlassian Fisheye <4.9.10 Atlassian / Fisheye		<4.9.10
Atlassian Crucible <4.9.10 Atlassian / Crucible		<4.9.10
Atlassian Confluence Data Center LTS <9.2.20 Atlassian / Confluence		Data Center LTS <9.2.20
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Atlassian Confluence Data Center LTS <10.2.11 Atlassian / Confluence		Data Center LTS <10.2.11
Atlassian Bitbucket Data Center LTS <9.4.19 Atlassian / Bitbucket		Data Center LTS <9.4.19
Atlassian Bitbucket Data Center LTS <10.2.2 Atlassian / Bitbucket		Data Center LTS <10.2.2
Atlassian Bamboo Data Center LTS <9.6.26 Atlassian / Bamboo		Data Center LTS <9.6.26
Atlassian Bamboo Data Center LTS <10.2.19 Atlassian / Bamboo		Data Center LTS <10.2.19
Atlassian Jira LTS <9.12.35 Atlassian / Jira		LTS <9.12.35

CVE-2026-22732

Affected products

Known affected 13 products

Product	Identifier	Version
Atlassian Bamboo Data Center LTS <12.1.7 Atlassian / Bamboo		Data Center LTS <12.1.7
Atlassian Jira Data Center LTS <10.3.20 Atlassian / Jira		Data Center LTS <10.3.20
Atlassian Jira Data Center LTS <11.3.5 Atlassian / Jira		Data Center LTS <11.3.5
Atlassian Fisheye <4.9.10 Atlassian / Fisheye		<4.9.10
Atlassian Crucible <4.9.10 Atlassian / Crucible		<4.9.10
Atlassian Confluence Data Center LTS <9.2.20 Atlassian / Confluence		Data Center LTS <9.2.20
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Atlassian Confluence Data Center LTS <10.2.11 Atlassian / Confluence		Data Center LTS <10.2.11
Atlassian Bitbucket Data Center LTS <9.4.19 Atlassian / Bitbucket		Data Center LTS <9.4.19
Atlassian Bitbucket Data Center LTS <10.2.2 Atlassian / Bitbucket		Data Center LTS <10.2.2
Atlassian Bamboo Data Center LTS <9.6.26 Atlassian / Bamboo		Data Center LTS <9.6.26
Atlassian Bamboo Data Center LTS <10.2.19 Atlassian / Bamboo		Data Center LTS <10.2.19
Atlassian Jira LTS <9.12.35 Atlassian / Jira		LTS <9.12.35

CVE-2026-24734

Affected products

Known affected 13 products

Product	Identifier	Version
Atlassian Bamboo Data Center LTS <12.1.7 Atlassian / Bamboo		Data Center LTS <12.1.7
Atlassian Jira Data Center LTS <10.3.20 Atlassian / Jira		Data Center LTS <10.3.20
Atlassian Jira Data Center LTS <11.3.5 Atlassian / Jira		Data Center LTS <11.3.5
Atlassian Fisheye <4.9.10 Atlassian / Fisheye		<4.9.10
Atlassian Crucible <4.9.10 Atlassian / Crucible		<4.9.10
Atlassian Confluence Data Center LTS <9.2.20 Atlassian / Confluence		Data Center LTS <9.2.20
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Atlassian Confluence Data Center LTS <10.2.11 Atlassian / Confluence		Data Center LTS <10.2.11
Atlassian Bitbucket Data Center LTS <9.4.19 Atlassian / Bitbucket		Data Center LTS <9.4.19
Atlassian Bitbucket Data Center LTS <10.2.2 Atlassian / Bitbucket		Data Center LTS <10.2.2
Atlassian Bamboo Data Center LTS <9.6.26 Atlassian / Bamboo		Data Center LTS <9.6.26
Atlassian Bamboo Data Center LTS <10.2.19 Atlassian / Bamboo		Data Center LTS <10.2.19
Atlassian Jira LTS <9.12.35 Atlassian / Jira		LTS <9.12.35

CVE-2026-24880

Affected products

Known affected 13 products

Product	Identifier	Version
Atlassian Bamboo Data Center LTS <12.1.7 Atlassian / Bamboo		Data Center LTS <12.1.7
Atlassian Jira Data Center LTS <10.3.20 Atlassian / Jira		Data Center LTS <10.3.20
Atlassian Jira Data Center LTS <11.3.5 Atlassian / Jira		Data Center LTS <11.3.5
Atlassian Fisheye <4.9.10 Atlassian / Fisheye		<4.9.10
Atlassian Crucible <4.9.10 Atlassian / Crucible		<4.9.10
Atlassian Confluence Data Center LTS <9.2.20 Atlassian / Confluence		Data Center LTS <9.2.20
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Atlassian Confluence Data Center LTS <10.2.11 Atlassian / Confluence		Data Center LTS <10.2.11
Atlassian Bitbucket Data Center LTS <9.4.19 Atlassian / Bitbucket		Data Center LTS <9.4.19
Atlassian Bitbucket Data Center LTS <10.2.2 Atlassian / Bitbucket		Data Center LTS <10.2.2
Atlassian Bamboo Data Center LTS <9.6.26 Atlassian / Bamboo		Data Center LTS <9.6.26
Atlassian Bamboo Data Center LTS <10.2.19 Atlassian / Bamboo		Data Center LTS <10.2.19
Atlassian Jira LTS <9.12.35 Atlassian / Jira		LTS <9.12.35

CVE-2026-25639

Affected products

Known affected 13 products

Product	Identifier	Version
Atlassian Bamboo Data Center LTS <12.1.7 Atlassian / Bamboo		Data Center LTS <12.1.7
Atlassian Jira Data Center LTS <10.3.20 Atlassian / Jira		Data Center LTS <10.3.20
Atlassian Jira Data Center LTS <11.3.5 Atlassian / Jira		Data Center LTS <11.3.5
Atlassian Fisheye <4.9.10 Atlassian / Fisheye		<4.9.10
Atlassian Crucible <4.9.10 Atlassian / Crucible		<4.9.10
Atlassian Confluence Data Center LTS <9.2.20 Atlassian / Confluence		Data Center LTS <9.2.20
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Atlassian Confluence Data Center LTS <10.2.11 Atlassian / Confluence		Data Center LTS <10.2.11
Atlassian Bitbucket Data Center LTS <9.4.19 Atlassian / Bitbucket		Data Center LTS <9.4.19
Atlassian Bitbucket Data Center LTS <10.2.2 Atlassian / Bitbucket		Data Center LTS <10.2.2
Atlassian Bamboo Data Center LTS <9.6.26 Atlassian / Bamboo		Data Center LTS <9.6.26
Atlassian Bamboo Data Center LTS <10.2.19 Atlassian / Bamboo		Data Center LTS <10.2.19
Atlassian Jira LTS <9.12.35 Atlassian / Jira		LTS <9.12.35

CVE-2026-26960

Affected products

Known affected 13 products

Product	Identifier	Version
Atlassian Bamboo Data Center LTS <12.1.7 Atlassian / Bamboo		Data Center LTS <12.1.7
Atlassian Jira Data Center LTS <10.3.20 Atlassian / Jira		Data Center LTS <10.3.20
Atlassian Jira Data Center LTS <11.3.5 Atlassian / Jira		Data Center LTS <11.3.5
Atlassian Fisheye <4.9.10 Atlassian / Fisheye		<4.9.10
Atlassian Crucible <4.9.10 Atlassian / Crucible		<4.9.10
Atlassian Confluence Data Center LTS <9.2.20 Atlassian / Confluence		Data Center LTS <9.2.20
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Atlassian Confluence Data Center LTS <10.2.11 Atlassian / Confluence		Data Center LTS <10.2.11
Atlassian Bitbucket Data Center LTS <9.4.19 Atlassian / Bitbucket		Data Center LTS <9.4.19
Atlassian Bitbucket Data Center LTS <10.2.2 Atlassian / Bitbucket		Data Center LTS <10.2.2
Atlassian Bamboo Data Center LTS <9.6.26 Atlassian / Bamboo		Data Center LTS <9.6.26
Atlassian Bamboo Data Center LTS <10.2.19 Atlassian / Bamboo		Data Center LTS <10.2.19
Atlassian Jira LTS <9.12.35 Atlassian / Jira		LTS <9.12.35

CVE-2026-27727

Affected products

Known affected 13 products

Product	Identifier	Version
Atlassian Bamboo Data Center LTS <12.1.7 Atlassian / Bamboo		Data Center LTS <12.1.7
Atlassian Jira Data Center LTS <10.3.20 Atlassian / Jira		Data Center LTS <10.3.20
Atlassian Jira Data Center LTS <11.3.5 Atlassian / Jira		Data Center LTS <11.3.5
Atlassian Fisheye <4.9.10 Atlassian / Fisheye		<4.9.10
Atlassian Crucible <4.9.10 Atlassian / Crucible		<4.9.10
Atlassian Confluence Data Center LTS <9.2.20 Atlassian / Confluence		Data Center LTS <9.2.20
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Atlassian Confluence Data Center LTS <10.2.11 Atlassian / Confluence		Data Center LTS <10.2.11
Atlassian Bitbucket Data Center LTS <9.4.19 Atlassian / Bitbucket		Data Center LTS <9.4.19
Atlassian Bitbucket Data Center LTS <10.2.2 Atlassian / Bitbucket		Data Center LTS <10.2.2
Atlassian Bamboo Data Center LTS <9.6.26 Atlassian / Bamboo		Data Center LTS <9.6.26
Atlassian Bamboo Data Center LTS <10.2.19 Atlassian / Bamboo		Data Center LTS <10.2.19
Atlassian Jira LTS <9.12.35 Atlassian / Jira		LTS <9.12.35

CVE-2026-27830

Affected products

Known affected 13 products

Product	Identifier	Version
Atlassian Bamboo Data Center LTS <12.1.7 Atlassian / Bamboo		Data Center LTS <12.1.7
Atlassian Jira Data Center LTS <10.3.20 Atlassian / Jira		Data Center LTS <10.3.20
Atlassian Jira Data Center LTS <11.3.5 Atlassian / Jira		Data Center LTS <11.3.5
Atlassian Fisheye <4.9.10 Atlassian / Fisheye		<4.9.10
Atlassian Crucible <4.9.10 Atlassian / Crucible		<4.9.10
Atlassian Confluence Data Center LTS <9.2.20 Atlassian / Confluence		Data Center LTS <9.2.20
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Atlassian Confluence Data Center LTS <10.2.11 Atlassian / Confluence		Data Center LTS <10.2.11
Atlassian Bitbucket Data Center LTS <9.4.19 Atlassian / Bitbucket		Data Center LTS <9.4.19
Atlassian Bitbucket Data Center LTS <10.2.2 Atlassian / Bitbucket		Data Center LTS <10.2.2
Atlassian Bamboo Data Center LTS <9.6.26 Atlassian / Bamboo		Data Center LTS <9.6.26
Atlassian Bamboo Data Center LTS <10.2.19 Atlassian / Bamboo		Data Center LTS <10.2.19
Atlassian Jira LTS <9.12.35 Atlassian / Jira		LTS <9.12.35

CVE-2026-29062

Affected products

Known affected 13 products

Product	Identifier	Version
Atlassian Bamboo Data Center LTS <12.1.7 Atlassian / Bamboo		Data Center LTS <12.1.7
Atlassian Jira Data Center LTS <10.3.20 Atlassian / Jira		Data Center LTS <10.3.20
Atlassian Jira Data Center LTS <11.3.5 Atlassian / Jira		Data Center LTS <11.3.5
Atlassian Fisheye <4.9.10 Atlassian / Fisheye		<4.9.10
Atlassian Crucible <4.9.10 Atlassian / Crucible		<4.9.10
Atlassian Confluence Data Center LTS <9.2.20 Atlassian / Confluence		Data Center LTS <9.2.20
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Atlassian Confluence Data Center LTS <10.2.11 Atlassian / Confluence		Data Center LTS <10.2.11
Atlassian Bitbucket Data Center LTS <9.4.19 Atlassian / Bitbucket		Data Center LTS <9.4.19
Atlassian Bitbucket Data Center LTS <10.2.2 Atlassian / Bitbucket		Data Center LTS <10.2.2
Atlassian Bamboo Data Center LTS <9.6.26 Atlassian / Bamboo		Data Center LTS <9.6.26
Atlassian Bamboo Data Center LTS <10.2.19 Atlassian / Bamboo		Data Center LTS <10.2.19
Atlassian Jira LTS <9.12.35 Atlassian / Jira		LTS <9.12.35

CVE-2026-29129

Affected products

Known affected 13 products

Product	Identifier	Version
Atlassian Bamboo Data Center LTS <12.1.7 Atlassian / Bamboo		Data Center LTS <12.1.7
Atlassian Jira Data Center LTS <10.3.20 Atlassian / Jira		Data Center LTS <10.3.20
Atlassian Jira Data Center LTS <11.3.5 Atlassian / Jira		Data Center LTS <11.3.5
Atlassian Fisheye <4.9.10 Atlassian / Fisheye		<4.9.10
Atlassian Crucible <4.9.10 Atlassian / Crucible		<4.9.10
Atlassian Confluence Data Center LTS <9.2.20 Atlassian / Confluence		Data Center LTS <9.2.20
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Atlassian Confluence Data Center LTS <10.2.11 Atlassian / Confluence		Data Center LTS <10.2.11
Atlassian Bitbucket Data Center LTS <9.4.19 Atlassian / Bitbucket		Data Center LTS <9.4.19
Atlassian Bitbucket Data Center LTS <10.2.2 Atlassian / Bitbucket		Data Center LTS <10.2.2
Atlassian Bamboo Data Center LTS <9.6.26 Atlassian / Bamboo		Data Center LTS <9.6.26
Atlassian Bamboo Data Center LTS <10.2.19 Atlassian / Bamboo		Data Center LTS <10.2.19
Atlassian Jira LTS <9.12.35 Atlassian / Jira		LTS <9.12.35

CVE-2026-29145

Affected products

Known affected 13 products

Product	Identifier	Version
Atlassian Bamboo Data Center LTS <12.1.7 Atlassian / Bamboo		Data Center LTS <12.1.7
Atlassian Jira Data Center LTS <10.3.20 Atlassian / Jira		Data Center LTS <10.3.20
Atlassian Jira Data Center LTS <11.3.5 Atlassian / Jira		Data Center LTS <11.3.5
Atlassian Fisheye <4.9.10 Atlassian / Fisheye		<4.9.10
Atlassian Crucible <4.9.10 Atlassian / Crucible		<4.9.10
Atlassian Confluence Data Center LTS <9.2.20 Atlassian / Confluence		Data Center LTS <9.2.20
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Atlassian Confluence Data Center LTS <10.2.11 Atlassian / Confluence		Data Center LTS <10.2.11
Atlassian Bitbucket Data Center LTS <9.4.19 Atlassian / Bitbucket		Data Center LTS <9.4.19
Atlassian Bitbucket Data Center LTS <10.2.2 Atlassian / Bitbucket		Data Center LTS <10.2.2
Atlassian Bamboo Data Center LTS <9.6.26 Atlassian / Bamboo		Data Center LTS <9.6.26
Atlassian Bamboo Data Center LTS <10.2.19 Atlassian / Bamboo		Data Center LTS <10.2.19
Atlassian Jira LTS <9.12.35 Atlassian / Jira		LTS <9.12.35

CVE-2026-29146

Affected products

Known affected 13 products

Product	Identifier	Version
Atlassian Bamboo Data Center LTS <12.1.7 Atlassian / Bamboo		Data Center LTS <12.1.7
Atlassian Jira Data Center LTS <10.3.20 Atlassian / Jira		Data Center LTS <10.3.20
Atlassian Jira Data Center LTS <11.3.5 Atlassian / Jira		Data Center LTS <11.3.5
Atlassian Fisheye <4.9.10 Atlassian / Fisheye		<4.9.10
Atlassian Crucible <4.9.10 Atlassian / Crucible		<4.9.10
Atlassian Confluence Data Center LTS <9.2.20 Atlassian / Confluence		Data Center LTS <9.2.20
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Atlassian Confluence Data Center LTS <10.2.11 Atlassian / Confluence		Data Center LTS <10.2.11
Atlassian Bitbucket Data Center LTS <9.4.19 Atlassian / Bitbucket		Data Center LTS <9.4.19
Atlassian Bitbucket Data Center LTS <10.2.2 Atlassian / Bitbucket		Data Center LTS <10.2.2
Atlassian Bamboo Data Center LTS <9.6.26 Atlassian / Bamboo		Data Center LTS <9.6.26
Atlassian Bamboo Data Center LTS <10.2.19 Atlassian / Bamboo		Data Center LTS <10.2.19
Atlassian Jira LTS <9.12.35 Atlassian / Jira		LTS <9.12.35

CVE-2026-29786

Affected products

Known affected 13 products

Product	Identifier	Version
Atlassian Bamboo Data Center LTS <12.1.7 Atlassian / Bamboo		Data Center LTS <12.1.7
Atlassian Jira Data Center LTS <10.3.20 Atlassian / Jira		Data Center LTS <10.3.20
Atlassian Jira Data Center LTS <11.3.5 Atlassian / Jira		Data Center LTS <11.3.5
Atlassian Fisheye <4.9.10 Atlassian / Fisheye		<4.9.10
Atlassian Crucible <4.9.10 Atlassian / Crucible		<4.9.10
Atlassian Confluence Data Center LTS <9.2.20 Atlassian / Confluence		Data Center LTS <9.2.20
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Atlassian Confluence Data Center LTS <10.2.11 Atlassian / Confluence		Data Center LTS <10.2.11
Atlassian Bitbucket Data Center LTS <9.4.19 Atlassian / Bitbucket		Data Center LTS <9.4.19
Atlassian Bitbucket Data Center LTS <10.2.2 Atlassian / Bitbucket		Data Center LTS <10.2.2
Atlassian Bamboo Data Center LTS <9.6.26 Atlassian / Bamboo		Data Center LTS <9.6.26
Atlassian Bamboo Data Center LTS <10.2.19 Atlassian / Bamboo		Data Center LTS <10.2.19
Atlassian Jira LTS <9.12.35 Atlassian / Jira		LTS <9.12.35

CVE-2026-31802

Affected products

Known affected 13 products

Product	Identifier	Version
Atlassian Bamboo Data Center LTS <12.1.7 Atlassian / Bamboo		Data Center LTS <12.1.7
Atlassian Jira Data Center LTS <10.3.20 Atlassian / Jira		Data Center LTS <10.3.20
Atlassian Jira Data Center LTS <11.3.5 Atlassian / Jira		Data Center LTS <11.3.5
Atlassian Fisheye <4.9.10 Atlassian / Fisheye		<4.9.10
Atlassian Crucible <4.9.10 Atlassian / Crucible		<4.9.10
Atlassian Confluence Data Center LTS <9.2.20 Atlassian / Confluence		Data Center LTS <9.2.20
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Atlassian Confluence Data Center LTS <10.2.11 Atlassian / Confluence		Data Center LTS <10.2.11
Atlassian Bitbucket Data Center LTS <9.4.19 Atlassian / Bitbucket		Data Center LTS <9.4.19
Atlassian Bitbucket Data Center LTS <10.2.2 Atlassian / Bitbucket		Data Center LTS <10.2.2
Atlassian Bamboo Data Center LTS <9.6.26 Atlassian / Bamboo		Data Center LTS <9.6.26
Atlassian Bamboo Data Center LTS <10.2.19 Atlassian / Bamboo		Data Center LTS <10.2.19
Atlassian Jira LTS <9.12.35 Atlassian / Jira		LTS <9.12.35

CVE-2026-33750

Affected products

Known affected 13 products

Product	Identifier	Version
Atlassian Bamboo Data Center LTS <12.1.7 Atlassian / Bamboo		Data Center LTS <12.1.7
Atlassian Jira Data Center LTS <10.3.20 Atlassian / Jira		Data Center LTS <10.3.20
Atlassian Jira Data Center LTS <11.3.5 Atlassian / Jira		Data Center LTS <11.3.5
Atlassian Fisheye <4.9.10 Atlassian / Fisheye		<4.9.10
Atlassian Crucible <4.9.10 Atlassian / Crucible		<4.9.10
Atlassian Confluence Data Center LTS <9.2.20 Atlassian / Confluence		Data Center LTS <9.2.20
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Atlassian Confluence Data Center LTS <10.2.11 Atlassian / Confluence		Data Center LTS <10.2.11
Atlassian Bitbucket Data Center LTS <9.4.19 Atlassian / Bitbucket		Data Center LTS <9.4.19
Atlassian Bitbucket Data Center LTS <10.2.2 Atlassian / Bitbucket		Data Center LTS <10.2.2
Atlassian Bamboo Data Center LTS <9.6.26 Atlassian / Bamboo		Data Center LTS <9.6.26
Atlassian Bamboo Data Center LTS <10.2.19 Atlassian / Bamboo		Data Center LTS <10.2.19
Atlassian Jira LTS <9.12.35 Atlassian / Jira		LTS <9.12.35

CVE-2026-34483

Affected products

Known affected 13 products

Product	Identifier	Version
Atlassian Bamboo Data Center LTS <12.1.7 Atlassian / Bamboo		Data Center LTS <12.1.7
Atlassian Jira Data Center LTS <10.3.20 Atlassian / Jira		Data Center LTS <10.3.20
Atlassian Jira Data Center LTS <11.3.5 Atlassian / Jira		Data Center LTS <11.3.5
Atlassian Fisheye <4.9.10 Atlassian / Fisheye		<4.9.10
Atlassian Crucible <4.9.10 Atlassian / Crucible		<4.9.10
Atlassian Confluence Data Center LTS <9.2.20 Atlassian / Confluence		Data Center LTS <9.2.20
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Atlassian Confluence Data Center LTS <10.2.11 Atlassian / Confluence		Data Center LTS <10.2.11
Atlassian Bitbucket Data Center LTS <9.4.19 Atlassian / Bitbucket		Data Center LTS <9.4.19
Atlassian Bitbucket Data Center LTS <10.2.2 Atlassian / Bitbucket		Data Center LTS <10.2.2
Atlassian Bamboo Data Center LTS <9.6.26 Atlassian / Bamboo		Data Center LTS <9.6.26
Atlassian Bamboo Data Center LTS <10.2.19 Atlassian / Bamboo		Data Center LTS <10.2.19
Atlassian Jira LTS <9.12.35 Atlassian / Jira		LTS <9.12.35

CVE-2026-34487

Affected products

Known affected 13 products

Product	Identifier	Version
Atlassian Bamboo Data Center LTS <12.1.7 Atlassian / Bamboo		Data Center LTS <12.1.7
Atlassian Jira Data Center LTS <10.3.20 Atlassian / Jira		Data Center LTS <10.3.20
Atlassian Jira Data Center LTS <11.3.5 Atlassian / Jira		Data Center LTS <11.3.5
Atlassian Fisheye <4.9.10 Atlassian / Fisheye		<4.9.10
Atlassian Crucible <4.9.10 Atlassian / Crucible		<4.9.10
Atlassian Confluence Data Center LTS <9.2.20 Atlassian / Confluence		Data Center LTS <9.2.20
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Atlassian Confluence Data Center LTS <10.2.11 Atlassian / Confluence		Data Center LTS <10.2.11
Atlassian Bitbucket Data Center LTS <9.4.19 Atlassian / Bitbucket		Data Center LTS <9.4.19
Atlassian Bitbucket Data Center LTS <10.2.2 Atlassian / Bitbucket		Data Center LTS <10.2.2
Atlassian Bamboo Data Center LTS <9.6.26 Atlassian / Bamboo		Data Center LTS <9.6.26
Atlassian Bamboo Data Center LTS <10.2.19 Atlassian / Bamboo		Data Center LTS <10.2.19
Atlassian Jira LTS <9.12.35 Atlassian / Jira		LTS <9.12.35

CVE-2026-39304

Affected products

Known affected 13 products

Product	Identifier	Version
Atlassian Bamboo Data Center LTS <12.1.7 Atlassian / Bamboo		Data Center LTS <12.1.7
Atlassian Jira Data Center LTS <10.3.20 Atlassian / Jira		Data Center LTS <10.3.20
Atlassian Jira Data Center LTS <11.3.5 Atlassian / Jira		Data Center LTS <11.3.5
Atlassian Fisheye <4.9.10 Atlassian / Fisheye		<4.9.10
Atlassian Crucible <4.9.10 Atlassian / Crucible		<4.9.10
Atlassian Confluence Data Center LTS <9.2.20 Atlassian / Confluence		Data Center LTS <9.2.20
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Atlassian Confluence Data Center LTS <10.2.11 Atlassian / Confluence		Data Center LTS <10.2.11
Atlassian Bitbucket Data Center LTS <9.4.19 Atlassian / Bitbucket		Data Center LTS <9.4.19
Atlassian Bitbucket Data Center LTS <10.2.2 Atlassian / Bitbucket		Data Center LTS <10.2.2
Atlassian Bamboo Data Center LTS <9.6.26 Atlassian / Bamboo		Data Center LTS <9.6.26
Atlassian Bamboo Data Center LTS <10.2.19 Atlassian / Bamboo		Data Center LTS <10.2.19
Atlassian Jira LTS <9.12.35 Atlassian / Jira		LTS <9.12.35

CVE-2026-42198

Affected products

Known affected 13 products

Product	Identifier	Version
Atlassian Bamboo Data Center LTS <12.1.7 Atlassian / Bamboo		Data Center LTS <12.1.7
Atlassian Jira Data Center LTS <10.3.20 Atlassian / Jira		Data Center LTS <10.3.20
Atlassian Jira Data Center LTS <11.3.5 Atlassian / Jira		Data Center LTS <11.3.5
Atlassian Fisheye <4.9.10 Atlassian / Fisheye		<4.9.10
Atlassian Crucible <4.9.10 Atlassian / Crucible		<4.9.10
Atlassian Confluence Data Center LTS <9.2.20 Atlassian / Confluence		Data Center LTS <9.2.20
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Atlassian Confluence Data Center LTS <10.2.11 Atlassian / Confluence		Data Center LTS <10.2.11
Atlassian Bitbucket Data Center LTS <9.4.19 Atlassian / Bitbucket		Data Center LTS <9.4.19
Atlassian Bitbucket Data Center LTS <10.2.2 Atlassian / Bitbucket		Data Center LTS <10.2.2
Atlassian Bamboo Data Center LTS <9.6.26 Atlassian / Bamboo		Data Center LTS <9.6.26
Atlassian Bamboo Data Center LTS <10.2.19 Atlassian / Bamboo		Data Center LTS <10.2.19
Atlassian Jira LTS <9.12.35 Atlassian / Jira		LTS <9.12.35

CVE-2026-5598

Affected products

Known affected 13 products

Product	Identifier	Version
Atlassian Bamboo Data Center LTS <12.1.7 Atlassian / Bamboo		Data Center LTS <12.1.7
Atlassian Jira Data Center LTS <10.3.20 Atlassian / Jira		Data Center LTS <10.3.20
Atlassian Jira Data Center LTS <11.3.5 Atlassian / Jira		Data Center LTS <11.3.5
Atlassian Fisheye <4.9.10 Atlassian / Fisheye		<4.9.10
Atlassian Crucible <4.9.10 Atlassian / Crucible		<4.9.10
Atlassian Confluence Data Center LTS <9.2.20 Atlassian / Confluence		Data Center LTS <9.2.20
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Atlassian Confluence Data Center LTS <10.2.11 Atlassian / Confluence		Data Center LTS <10.2.11
Atlassian Bitbucket Data Center LTS <9.4.19 Atlassian / Bitbucket		Data Center LTS <9.4.19
Atlassian Bitbucket Data Center LTS <10.2.2 Atlassian / Bitbucket		Data Center LTS <10.2.2
Atlassian Bamboo Data Center LTS <9.6.26 Atlassian / Bamboo		Data Center LTS <9.6.26
Atlassian Bamboo Data Center LTS <10.2.19 Atlassian / Bamboo		Data Center LTS <10.2.19
Atlassian Jira LTS <9.12.35 Atlassian / Jira		LTS <9.12.35

References

4 references

URL	Category
https://wid.cert-bund.de/.well-known/csaf/white/2…	self
https://wid.cert-bund.de/portal/wid/securityadvis…	self
https://confluence.atlassian.com/security/securit…	external
https://access.redhat.com/errata/RHSA-2026:19098	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "hoch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Bamboo ist ein Werkzeug zur kontinuierlichen Integration und Bereitstellung, das automatisierte Builds, Tests und Freigaben in einem einzigen Arbeitsablauf verbindet.\r\nBitbucket ist ein Git-Server zur Sourcecode-Versionskontrolle.\r\nConfluence ist eine kommerzielle Wiki-Software.\r\nCrucible ist eine Code-Review-L\u00f6sung f\u00fcr Unternehmensteams.\r\nFisheye ist ein Quellcode-Repository-Browser f\u00fcr Unternehmensteams. \r\nJira ist eine Webanwendung zur Softwareentwicklung.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein Angreifer kann mehrere Schwachstellen in Atlassian Bamboo, Atlassian Bitbucket, Atlassian Confluence, Atlassian Crucible, Atlassian Fisheye und Atlassian Jira ausnutzen, um beliebigen Programmcode auszuf\u00fchren, um einen Denial of Service Angriff durchzuf\u00fchren, um Informationen offenzulegen, um einen Cross-Site Scripting Angriff durchzuf\u00fchren, und um Sicherheitsvorkehrungen zu umgehen.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Linux\n- Sonstiges\n- UNIX\n- Windows",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2026-1608 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2026/wid-sec-w-2026-1608.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2026-1608 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-1608"
      },
      {
        "category": "external",
        "summary": "Atlassian Security Bulletin Mai vom 2026-05-19",
        "url": "https://confluence.atlassian.com/security/security-bulletin-may-19-2026-1786839142.html"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:19098 vom 2026-05-20",
        "url": "https://access.redhat.com/errata/RHSA-2026:19098"
      }
    ],
    "source_lang": "en-US",
    "title": "Atlassian Produkte (Bamboo, Bitbucket, Confluence, Crucible, Fisheye und Jira): Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2026-05-20T22:00:00.000+00:00",
      "generator": {
        "date": "2026-05-21T07:35:45.292+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.6.0"
        }
      },
      "id": "WID-SEC-W-2026-1608",
      "initial_release_date": "2026-05-19T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2026-05-19T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2026-05-20T22:00:00.000+00:00",
          "number": "2",
          "summary": "Neue Updates von Red Hat aufgenommen"
        }
      ],
      "status": "final",
      "version": "2"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "Data Center LTS \u003c12.1.7",
                "product": {
                  "name": "Atlassian Bamboo Data Center LTS \u003c12.1.7",
                  "product_id": "T054387"
                }
              },
              {
                "category": "product_version",
                "name": "Data Center LTS 12.1.7",
                "product": {
                  "name": "Atlassian Bamboo Data Center LTS 12.1.7",
                  "product_id": "T054387-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:atlassian:bamboo:data_center_lts__12.1.7"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "Data Center LTS \u003c10.2.19",
                "product": {
                  "name": "Atlassian Bamboo Data Center LTS \u003c10.2.19",
                  "product_id": "T054388"
                }
              },
              {
                "category": "product_version",
                "name": "Data Center LTS 10.2.19",
                "product": {
                  "name": "Atlassian Bamboo Data Center LTS 10.2.19",
                  "product_id": "T054388-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:atlassian:bamboo:data_center_lts__10.2.19"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "Data Center LTS \u003c9.6.26",
                "product": {
                  "name": "Atlassian Bamboo Data Center LTS \u003c9.6.26",
                  "product_id": "T054389"
                }
              },
              {
                "category": "product_version",
                "name": "Data Center LTS 9.6.26",
                "product": {
                  "name": "Atlassian Bamboo Data Center LTS 9.6.26",
                  "product_id": "T054389-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:atlassian:bamboo:data_center_lts__9.6.26"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Bamboo"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "Data Center LTS \u003c10.2.2",
                "product": {
                  "name": "Atlassian Bitbucket Data Center LTS \u003c10.2.2",
                  "product_id": "T054391"
                }
              },
              {
                "category": "product_version",
                "name": "Data Center LTS 10.2.2",
                "product": {
                  "name": "Atlassian Bitbucket Data Center LTS 10.2.2",
                  "product_id": "T054391-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:atlassian:bitbucket:data_center_lts__10.2.2"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "Data Center LTS \u003c9.4.19",
                "product": {
                  "name": "Atlassian Bitbucket Data Center LTS \u003c9.4.19",
                  "product_id": "T054392"
                }
              },
              {
                "category": "product_version",
                "name": "Data Center LTS 9.4.19",
                "product": {
                  "name": "Atlassian Bitbucket Data Center LTS 9.4.19",
                  "product_id": "T054392-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:atlassian:bitbucket:data_center_lts__9.4.19"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Bitbucket"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "Data Center LTS \u003c10.2.11",
                "product": {
                  "name": "Atlassian Confluence Data Center LTS \u003c10.2.11",
                  "product_id": "T054393"
                }
              },
              {
                "category": "product_version",
                "name": "Data Center LTS 10.2.11",
                "product": {
                  "name": "Atlassian Confluence Data Center LTS 10.2.11",
                  "product_id": "T054393-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:atlassian:confluence:data_center_lts__10.2.11"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "Data Center LTS \u003c9.2.20",
                "product": {
                  "name": "Atlassian Confluence Data Center LTS \u003c9.2.20",
                  "product_id": "T054394"
                }
              },
              {
                "category": "product_version",
                "name": "Data Center LTS 9.2.20",
                "product": {
                  "name": "Atlassian Confluence Data Center LTS 9.2.20",
                  "product_id": "T054394-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:atlassian:confluence:data_center_lts__9.2.20"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Confluence"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c4.9.10",
                "product": {
                  "name": "Atlassian Crucible \u003c4.9.10",
                  "product_id": "T054395"
                }
              },
              {
                "category": "product_version",
                "name": "4.9.10",
                "product": {
                  "name": "Atlassian Crucible 4.9.10",
                  "product_id": "T054395-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:atlassian:crucible:4.9.10"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Crucible"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c4.9.10",
                "product": {
                  "name": "Atlassian Fisheye \u003c4.9.10",
                  "product_id": "T054396"
                }
              },
              {
                "category": "product_version",
                "name": "4.9.10",
                "product": {
                  "name": "Atlassian Fisheye 4.9.10",
                  "product_id": "T054396-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:atlassian:fisheye:4.9.10"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Fisheye"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "Data Center LTS \u003c11.3.5",
                "product": {
                  "name": "Atlassian Jira Data Center LTS \u003c11.3.5",
                  "product_id": "T054397"
                }
              },
              {
                "category": "product_version",
                "name": "Data Center LTS 11.3.5",
                "product": {
                  "name": "Atlassian Jira Data Center LTS 11.3.5",
                  "product_id": "T054397-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:atlassian:jira:data_center_lts__11.3.5"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "Data Center LTS \u003c10.3.20",
                "product": {
                  "name": "Atlassian Jira Data Center LTS \u003c10.3.20",
                  "product_id": "T054398"
                }
              },
              {
                "category": "product_version",
                "name": "Data Center LTS 10.3.20",
                "product": {
                  "name": "Atlassian Jira Data Center LTS 10.3.20",
                  "product_id": "T054398-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:atlassian:jira:data_center_lts__10.3.20"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "LTS \u003c9.12.35",
                "product": {
                  "name": "Atlassian Jira LTS \u003c9.12.35",
                  "product_id": "T054399"
                }
              },
              {
                "category": "product_version",
                "name": "LTS 9.12.35",
                "product": {
                  "name": "Atlassian Jira LTS 9.12.35",
                  "product_id": "T054399-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:atlassian:jira:lts__9.12.35"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Jira"
          }
        ],
        "category": "vendor",
        "name": "Atlassian"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Red Hat Enterprise Linux",
            "product": {
              "name": "Red Hat Enterprise Linux",
              "product_id": "67646",
              "product_identification_helper": {
                "cpe": "cpe:/o:redhat:enterprise_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2019-13990",
      "product_status": {
        "known_affected": [
          "T054387",
          "T054398",
          "T054397",
          "T054396",
          "T054395",
          "T054394",
          "67646",
          "T054393",
          "T054392",
          "T054391",
          "T054389",
          "T054388",
          "T054399"
        ]
      },
      "release_date": "2026-05-19T22:00:00.000+00:00",
      "title": "CVE-2019-13990"
    },
    {
      "cve": "CVE-2022-1471",
      "product_status": {
        "known_affected": [
          "T054387",
          "T054398",
          "T054397",
          "T054396",
          "T054395",
          "T054394",
          "67646",
          "T054393",
          "T054392",
          "T054391",
          "T054389",
          "T054388",
          "T054399"
        ]
      },
      "release_date": "2026-05-19T22:00:00.000+00:00",
      "title": "CVE-2022-1471"
    },
    {
      "cve": "CVE-2022-23521",
      "product_status": {
        "known_affected": [
          "T054387",
          "T054398",
          "T054397",
          "T054396",
          "T054395",
          "T054394",
          "67646",
          "T054393",
          "T054392",
          "T054391",
          "T054389",
          "T054388",
          "T054399"
        ]
      },
      "release_date": "2026-05-19T22:00:00.000+00:00",
      "title": "CVE-2022-23521"
    },
    {
      "cve": "CVE-2022-41903",
      "product_status": {
        "known_affected": [
          "T054387",
          "T054398",
          "T054397",
          "T054396",
          "T054395",
          "T054394",
          "67646",
          "T054393",
          "T054392",
          "T054391",
          "T054389",
          "T054388",
          "T054399"
        ]
      },
      "release_date": "2026-05-19T22:00:00.000+00:00",
      "title": "CVE-2022-41903"
    },
    {
      "cve": "CVE-2023-22518",
      "product_status": {
        "known_affected": [
          "T054387",
          "T054398",
          "T054397",
          "T054396",
          "T054395",
          "T054394",
          "67646",
          "T054393",
          "T054392",
          "T054391",
          "T054389",
          "T054388",
          "T054399"
        ]
      },
      "release_date": "2026-05-19T22:00:00.000+00:00",
      "title": "CVE-2023-22518"
    },
    {
      "cve": "CVE-2023-22522",
      "product_status": {
        "known_affected": [
          "T054387",
          "T054398",
          "T054397",
          "T054396",
          "T054395",
          "T054394",
          "67646",
          "T054393",
          "T054392",
          "T054391",
          "T054389",
          "T054388",
          "T054399"
        ]
      },
      "release_date": "2026-05-19T22:00:00.000+00:00",
      "title": "CVE-2023-22522"
    },
    {
      "cve": "CVE-2023-22523",
      "product_status": {
        "known_affected": [
          "T054387",
          "T054398",
          "T054397",
          "T054396",
          "T054395",
          "T054394",
          "67646",
          "T054393",
          "T054392",
          "T054391",
          "T054389",
          "T054388",
          "T054399"
        ]
      },
      "release_date": "2026-05-19T22:00:00.000+00:00",
      "title": "CVE-2023-22523"
    },
    {
      "cve": "CVE-2023-22524",
      "product_status": {
        "known_affected": [
          "T054387",
          "T054398",
          "T054397",
          "T054396",
          "T054395",
          "T054394",
          "67646",
          "T054393",
          "T054392",
          "T054391",
          "T054389",
          "T054388",
          "T054399"
        ]
      },
      "release_date": "2026-05-19T22:00:00.000+00:00",
      "title": "CVE-2023-22524"
    },
    {
      "cve": "CVE-2023-22527",
      "product_status": {
        "known_affected": [
          "T054387",
          "T054398",
          "T054397",
          "T054396",
          "T054395",
          "T054394",
          "67646",
          "T054393",
          "T054392",
          "T054391",
          "T054389",
          "T054388",
          "T054399"
        ]
      },
      "release_date": "2026-05-19T22:00:00.000+00:00",
      "title": "CVE-2023-22527"
    },
    {
      "cve": "CVE-2023-24998",
      "product_status": {
        "known_affected": [
          "T054387",
          "T054398",
          "T054397",
          "T054396",
          "T054395",
          "T054394",
          "67646",
          "T054393",
          "T054392",
          "T054391",
          "T054389",
          "T054388",
          "T054399"
        ]
      },
      "release_date": "2026-05-19T22:00:00.000+00:00",
      "title": "CVE-2023-24998"
    },
    {
      "cve": "CVE-2023-46604",
      "product_status": {
        "known_affected": [
          "T054387",
          "T054398",
          "T054397",
          "T054396",
          "T054395",
          "T054394",
          "67646",
          "T054393",
          "T054392",
          "T054391",
          "T054389",
          "T054388",
          "T054399"
        ]
      },
      "release_date": "2026-05-19T22:00:00.000+00:00",
      "title": "CVE-2023-46604"
    },
    {
      "cve": "CVE-2024-45801",
      "product_status": {
        "known_affected": [
          "T054387",
          "T054398",
          "T054397",
          "T054396",
          "T054395",
          "T054394",
          "67646",
          "T054393",
          "T054392",
          "T054391",
          "T054389",
          "T054388",
          "T054399"
        ]
      },
      "release_date": "2026-05-19T22:00:00.000+00:00",
      "title": "CVE-2024-45801"
    },
    {
      "cve": "CVE-2025-52999",
      "product_status": {
        "known_affected": [
          "T054387",
          "T054398",
          "T054397",
          "T054396",
          "T054395",
          "T054394",
          "67646",
          "T054393",
          "T054392",
          "T054391",
          "T054389",
          "T054388",
          "T054399"
        ]
      },
      "release_date": "2026-05-19T22:00:00.000+00:00",
      "title": "CVE-2025-52999"
    },
    {
      "cve": "CVE-2025-67030",
      "product_status": {
        "known_affected": [
          "T054387",
          "T054398",
          "T054397",
          "T054396",
          "T054395",
          "T054394",
          "67646",
          "T054393",
          "T054392",
          "T054391",
          "T054389",
          "T054388",
          "T054399"
        ]
      },
      "release_date": "2026-05-19T22:00:00.000+00:00",
      "title": "CVE-2025-67030"
    },
    {
      "cve": "CVE-2026-22029",
      "product_status": {
        "known_affected": [
          "T054387",
          "T054398",
          "T054397",
          "T054396",
          "T054395",
          "T054394",
          "67646",
          "T054393",
          "T054392",
          "T054391",
          "T054389",
          "T054388",
          "T054399"
        ]
      },
      "release_date": "2026-05-19T22:00:00.000+00:00",
      "title": "CVE-2026-22029"
    },
    {
      "cve": "CVE-2026-22732",
      "product_status": {
        "known_affected": [
          "T054387",
          "T054398",
          "T054397",
          "T054396",
          "T054395",
          "T054394",
          "67646",
          "T054393",
          "T054392",
          "T054391",
          "T054389",
          "T054388",
          "T054399"
        ]
      },
      "release_date": "2026-05-19T22:00:00.000+00:00",
      "title": "CVE-2026-22732"
    },
    {
      "cve": "CVE-2026-24734",
      "product_status": {
        "known_affected": [
          "T054387",
          "T054398",
          "T054397",
          "T054396",
          "T054395",
          "T054394",
          "67646",
          "T054393",
          "T054392",
          "T054391",
          "T054389",
          "T054388",
          "T054399"
        ]
      },
      "release_date": "2026-05-19T22:00:00.000+00:00",
      "title": "CVE-2026-24734"
    },
    {
      "cve": "CVE-2026-24880",
      "product_status": {
        "known_affected": [
          "T054387",
          "T054398",
          "T054397",
          "T054396",
          "T054395",
          "T054394",
          "67646",
          "T054393",
          "T054392",
          "T054391",
          "T054389",
          "T054388",
          "T054399"
        ]
      },
      "release_date": "2026-05-19T22:00:00.000+00:00",
      "title": "CVE-2026-24880"
    },
    {
      "cve": "CVE-2026-25639",
      "product_status": {
        "known_affected": [
          "T054387",
          "T054398",
          "T054397",
          "T054396",
          "T054395",
          "T054394",
          "67646",
          "T054393",
          "T054392",
          "T054391",
          "T054389",
          "T054388",
          "T054399"
        ]
      },
      "release_date": "2026-05-19T22:00:00.000+00:00",
      "title": "CVE-2026-25639"
    },
    {
      "cve": "CVE-2026-26960",
      "product_status": {
        "known_affected": [
          "T054387",
          "T054398",
          "T054397",
          "T054396",
          "T054395",
          "T054394",
          "67646",
          "T054393",
          "T054392",
          "T054391",
          "T054389",
          "T054388",
          "T054399"
        ]
      },
      "release_date": "2026-05-19T22:00:00.000+00:00",
      "title": "CVE-2026-26960"
    },
    {
      "cve": "CVE-2026-27727",
      "product_status": {
        "known_affected": [
          "T054387",
          "T054398",
          "T054397",
          "T054396",
          "T054395",
          "T054394",
          "67646",
          "T054393",
          "T054392",
          "T054391",
          "T054389",
          "T054388",
          "T054399"
        ]
      },
      "release_date": "2026-05-19T22:00:00.000+00:00",
      "title": "CVE-2026-27727"
    },
    {
      "cve": "CVE-2026-27830",
      "product_status": {
        "known_affected": [
          "T054387",
          "T054398",
          "T054397",
          "T054396",
          "T054395",
          "T054394",
          "67646",
          "T054393",
          "T054392",
          "T054391",
          "T054389",
          "T054388",
          "T054399"
        ]
      },
      "release_date": "2026-05-19T22:00:00.000+00:00",
      "title": "CVE-2026-27830"
    },
    {
      "cve": "CVE-2026-29062",
      "product_status": {
        "known_affected": [
          "T054387",
          "T054398",
          "T054397",
          "T054396",
          "T054395",
          "T054394",
          "67646",
          "T054393",
          "T054392",
          "T054391",
          "T054389",
          "T054388",
          "T054399"
        ]
      },
      "release_date": "2026-05-19T22:00:00.000+00:00",
      "title": "CVE-2026-29062"
    },
    {
      "cve": "CVE-2026-29129",
      "product_status": {
        "known_affected": [
          "T054387",
          "T054398",
          "T054397",
          "T054396",
          "T054395",
          "T054394",
          "67646",
          "T054393",
          "T054392",
          "T054391",
          "T054389",
          "T054388",
          "T054399"
        ]
      },
      "release_date": "2026-05-19T22:00:00.000+00:00",
      "title": "CVE-2026-29129"
    },
    {
      "cve": "CVE-2026-29145",
      "product_status": {
        "known_affected": [
          "T054387",
          "T054398",
          "T054397",
          "T054396",
          "T054395",
          "T054394",
          "67646",
          "T054393",
          "T054392",
          "T054391",
          "T054389",
          "T054388",
          "T054399"
        ]
      },
      "release_date": "2026-05-19T22:00:00.000+00:00",
      "title": "CVE-2026-29145"
    },
    {
      "cve": "CVE-2026-29146",
      "product_status": {
        "known_affected": [
          "T054387",
          "T054398",
          "T054397",
          "T054396",
          "T054395",
          "T054394",
          "67646",
          "T054393",
          "T054392",
          "T054391",
          "T054389",
          "T054388",
          "T054399"
        ]
      },
      "release_date": "2026-05-19T22:00:00.000+00:00",
      "title": "CVE-2026-29146"
    },
    {
      "cve": "CVE-2026-29786",
      "product_status": {
        "known_affected": [
          "T054387",
          "T054398",
          "T054397",
          "T054396",
          "T054395",
          "T054394",
          "67646",
          "T054393",
          "T054392",
          "T054391",
          "T054389",
          "T054388",
          "T054399"
        ]
      },
      "release_date": "2026-05-19T22:00:00.000+00:00",
      "title": "CVE-2026-29786"
    },
    {
      "cve": "CVE-2026-31802",
      "product_status": {
        "known_affected": [
          "T054387",
          "T054398",
          "T054397",
          "T054396",
          "T054395",
          "T054394",
          "67646",
          "T054393",
          "T054392",
          "T054391",
          "T054389",
          "T054388",
          "T054399"
        ]
      },
      "release_date": "2026-05-19T22:00:00.000+00:00",
      "title": "CVE-2026-31802"
    },
    {
      "cve": "CVE-2026-33750",
      "product_status": {
        "known_affected": [
          "T054387",
          "T054398",
          "T054397",
          "T054396",
          "T054395",
          "T054394",
          "67646",
          "T054393",
          "T054392",
          "T054391",
          "T054389",
          "T054388",
          "T054399"
        ]
      },
      "release_date": "2026-05-19T22:00:00.000+00:00",
      "title": "CVE-2026-33750"
    },
    {
      "cve": "CVE-2026-34483",
      "product_status": {
        "known_affected": [
          "T054387",
          "T054398",
          "T054397",
          "T054396",
          "T054395",
          "T054394",
          "67646",
          "T054393",
          "T054392",
          "T054391",
          "T054389",
          "T054388",
          "T054399"
        ]
      },
      "release_date": "2026-05-19T22:00:00.000+00:00",
      "title": "CVE-2026-34483"
    },
    {
      "cve": "CVE-2026-34487",
      "product_status": {
        "known_affected": [
          "T054387",
          "T054398",
          "T054397",
          "T054396",
          "T054395",
          "T054394",
          "67646",
          "T054393",
          "T054392",
          "T054391",
          "T054389",
          "T054388",
          "T054399"
        ]
      },
      "release_date": "2026-05-19T22:00:00.000+00:00",
      "title": "CVE-2026-34487"
    },
    {
      "cve": "CVE-2026-39304",
      "product_status": {
        "known_affected": [
          "T054387",
          "T054398",
          "T054397",
          "T054396",
          "T054395",
          "T054394",
          "67646",
          "T054393",
          "T054392",
          "T054391",
          "T054389",
          "T054388",
          "T054399"
        ]
      },
      "release_date": "2026-05-19T22:00:00.000+00:00",
      "title": "CVE-2026-39304"
    },
    {
      "cve": "CVE-2026-42198",
      "product_status": {
        "known_affected": [
          "T054387",
          "T054398",
          "T054397",
          "T054396",
          "T054395",
          "T054394",
          "67646",
          "T054393",
          "T054392",
          "T054391",
          "T054389",
          "T054388",
          "T054399"
        ]
      },
      "release_date": "2026-05-19T22:00:00.000+00:00",
      "title": "CVE-2026-42198"
    },
    {
      "cve": "CVE-2026-5598",
      "product_status": {
        "known_affected": [
          "T054387",
          "T054398",
          "T054397",
          "T054396",
          "T054395",
          "T054394",
          "67646",
          "T054393",
          "T054392",
          "T054391",
          "T054389",
          "T054388",
          "T054399"
        ]
      },
      "release_date": "2026-05-19T22:00:00.000+00:00",
      "title": "CVE-2026-5598"
    }
  ]
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2026-29145 (GCVE-0-2026-29145)

Tags

Sightings

Nomenclature