We are currently on Crystal Report Server BI 4.3 SP3 (Tomcat 9.0.65). Our security scans have identified a vulnerability (CVE-2023-24998) which we need to patch, requiring at least Tomcat 9.0.71.
The latest BI patch (BI 4.3 SP03 Patch 500) updates Tomcat to 9.0.74, which will fix the vulnerability.
[https://me.sap.com/notes/2112338]
Is it best to apply the SAP BI patch (BI 4.3 SP03 Patch 500), or to just upgrade Tomcat independently... to possibly even a newer version?
Thank you!