Desktop Central is vulnerable to CVE 2020-13935

Is Desktop Central vulnerable to this CVE?

Yes,  Desktop Central is vulnerable to CVE-2020-13935  vulnerability. Read the document fully for further details.

What was the issue?

The payload length in a WebSocket frame was not vaildated properly. Invalid payload lengths could trigger an infinite loop. If the number of such requests reach a particular target, it could lead to Denial of Service (DoS). This affects Apache Tomcat 8.5.0 to 8.5.56.

Why Desktop Central is vulnerable to this CVE?

CVE-2020-13935 affects Desktop Central as WebSocket frames are used during requests.

Future plan for Upgrade

Since Desktop Central is vulnerable to this CVE, it is categorised as high priortity, and we'll be upgrading to the latest Apache Tomcat version at the earliest.