Two "low" Apache Tomcat vulnerabilities nearly became heise security alerts due to peculiar CISA vulnrichment.