The host is installed with Apache Tomcat 9.0.40 through 9.0.68, 10.1.0.M1 through 10.1.1 or 8.5.83 and is prone to a JsonErrorReportValve injection vulnerability. A flaw is present in application, which fails to handle JsonErrorReportValve values. Successful exploitation could allows users to supply values that invalidated or manipulated the JSON output.