Veritas eDiscovery Statement on CVE-2020-1938 (Ghostcat) vulnerability

Article ID: 100047285

Description

SEVERITY: High (9.8/10)

BACKGROUND:

Security penetration tests may return a false positive for the Ghostcat vulnerability due to the presence of the tomcat-coyote.jar file in the folder D:\CW\V##\tomcat\lib. While the org.apache.tomcat class files in that archive are used to implement Apache Tomcat, the class files in its org.apache.coyote folder are not called, because the AJP protocols are not enabled.

FINDING:

AJP protocols are not implemented in the Veritas eDiscovery Platform. Only the HTTP protocol connectors on 80 and 443 are enabled in the Tomcat Catalina startup file; therefore, no version of the Veritas eDiscovery Platform is affected by this vulnerability.
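One way to confirm this finding on a given installation is to parse the Tomcat connector configuration and list any active AJP connectors. This is an added example, not Veritas code; it assumes the connectors are defined in a standard Tomcat server.xml, and both sample documents are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample of a Tomcat server.xml (not taken from the product):
# two HTTP connectors and an AJP connector that is commented out.
SAMPLE_HTTP_ONLY = """<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="80" protocol="HTTP/1.1" redirectPort="443"/>
    <Connector port="443" protocol="org.apache.coyote.http11.Http11NioProtocol"
               SSLEnabled="true" scheme="https" secure="true"/>
    <!-- <Connector port="8009" protocol="AJP/1.3" redirectPort="443"/> -->
  </Service>
</Server>"""

# Constructed counter-example: the same file with the AJP connector active.
SAMPLE_WITH_AJP = SAMPLE_HTTP_ONLY.replace("<!-- ", "").replace(" -->", "")


def is_ajp(protocol):
    """Tomcat accepts 'AJP/1.3' or an org.apache.coyote.ajp.* class name."""
    p = protocol.strip().lower()
    return p.startswith("ajp/") or p.startswith("org.apache.coyote.ajp.")


def audit_connectors(server_xml_text):
    """Return one dict per active <Connector>; XML comments are not parsed."""
    root = ET.fromstring(server_xml_text)
    findings = []
    for conn in root.iter("Connector"):
        # Tomcat defaults to HTTP/1.1 when the protocol attribute is absent.
        protocol = conn.get("protocol", "HTTP/1.1")
        findings.append({
            "port": conn.get("port"),
            "protocol": protocol,
            "ajp": is_ajp(protocol),
            # Listen address; None means the Tomcat version's default applies.
            "address": conn.get("address"),
        })
    return findings


def ajp_ports(server_xml_text):
    """Ports of active AJP connectors; an empty list means none are enabled."""
    return [f["port"] for f in audit_connectors(server_xml_text) if f["ajp"]]


if __name__ == "__main__":
    for name, text in (("http-only", SAMPLE_HTTP_ONLY), ("with-ajp", SAMPLE_WITH_AJP)):
        print(name, "AJP connectors on ports:", ajp_ports(text) or "none")
```

An empty result from `ajp_ports` is the configuration evidence to attach when closing a scanner finding that was raised only on the presence of tomcat-coyote.jar.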
