We recently discovered a critical vulnerability in our Envision 4.0 system. After running a vulnerability assessment against our Envision 4.0 system we discovered that it is running Apache Tomcat 5.5.26 which has several vulnerabilities which are rated as critical / non PCI compliant. RSA support is aware of the problem but is not expecting to have a patch released until sometime in Q2 of 2010.
Has anyone else seen this?
Any suggestions or work arounds would be appreciated.