# Security Updates on Vulnerabilities

## Desktop Central is vulnerable to CVE-2020-1971

### Is Desktop Central vulnerable to this CVE?

**Yes**, **Endpoint Central** is vulnerable to **CVE-2020-1971** vulnerability. Read the document fully for further details.

### What was the issue?

OpenSSL provides a function that compares the different instances of the GENERAL_NAME parameter. If the two input values for the function contain an EDIPARTYNAME, then a crash might occur leading to a possible denial of service attack.

### Why Desktop Central is vulnerable to this CVE?

**CVE-2020-1971** affects **Desktop Central** as **SSL certificates** are used by Nginx/Apache.

### Future plan for Upgrade

Since **Desktop Central** is vulnerable to this CVE, it is categorised as high priority, and we'll be upgrading to the latest **Apache Tomcat/Nginx** version at the earliest.