Qualys WAS has been updated with a new detection for CVE-2019-0232, a remote code execution (RCE) vulnerability in Apache Tomcat running on Microsoft Windows. This is a very serious vulnerability, but it is exploitable only when CGI Servlet is enabled in Tomcat. CGI Servlet is disabled by default, so the number of exposed Tomcat instances is much less than it could have been otherwise.
Ensure that QID 150240 is enabled in your WAS vulnerability scans to test for this issue. More details about the vulnerability can be found at the Apache Tomcat security advisory.