Is DLP vulnerable to CVE-2020-9484 Apache Tomcat Remote Code Execution via session persistence?

book

Article ID: 191724

calendar_today

Updated On:

Products

Data Loss Prevention Enforce

Issue/Introduction

You want to know if DLP is vulnerable to CVE-2020-9484 as described here (external link):

https://www.mail-archive.com/[email protected]/msg135215.html

 

Environment

Release : 15.x, 14.x

 

Resolution

DLP does not use the PersistentManager with FileStore, which is a required pre-condition for the exploit, and hence is not impacted.