No, Desktop Central is not vulnerable to CVE-2020-17527 vulnerability. Read the document fully for further details.
Apache Tomcat could re-use an HTTP request header value from the previous stream received on an HTTP/2 connection for the request associated with the subsequent stream. While this would most likely lead to an error and the closure of the HTTP/2 connection, it is possible that information could leak between requests.
CVE-2020-17527 will not affect Desktop Central as HTTP/2 requests are not used.
Although the Desktop Central is not vulnerable to this CVE, we'll be upgrading to the latest Apache Tomcat version during our regular third-party components upgrade cycle.
