DLP and CVE-2020-5398 - reflected file download (RFD) attack.



Article ID: 245662


Products

Data Loss Prevention

Issue/Introduction

A vulnerability scanning tool reports a Spring vulnerability in DLP 15.8: CVE-2020-5398

Environment

Release: 15.7 / 15.8

Resolution

With this vulnerability (CVE-2020-5398), an application is vulnerable to a reflected file download (RFD) attack when it sets a "Content-Disposition" header in the response whose filename attribute is derived from user-supplied input.
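As an added illustration of the mechanism described above (example code written for this article, not DLP's or Spring's own code): a hardened helper that builds the Content-Disposition value so that user input can choose neither the header syntax nor the file extension. The allowed-extension set and the fallback names are assumptions.

```java
import java.util.Set;
import java.util.regex.Pattern;

public final class SafeContentDisposition {
    // Assumption: extensions this endpoint is known to serve; anything else falls back.
    private static final Set<String> ALLOWED_EXT = Set.of("csv", "txt", "pdf");
    private static final Pattern UNSAFE = Pattern.compile("[^A-Za-z0-9._-]");

    /**
     * Builds an "attachment" Content-Disposition value from an untrusted name.
     * The vulnerable pattern is "attachment; filename=" + userInput, which lets
     * quotes, semicolons and an attacker-chosen extension reach the header.
     * Here quotes, semicolons, path separators and control characters can never
     * reach the header, and the extension is restricted to a known set.
     */
    public static String build(String untrusted, String fallbackBase, String fallbackExt) {
        String name = untrusted == null ? "" : untrusted.replace('\\', '/');
        name = name.substring(name.lastIndexOf('/') + 1);     // last path segment only
        name = UNSAFE.matcher(name).replaceAll("_");           // whitelist characters
        int dot = name.lastIndexOf('.');
        String base = dot > 0 ? name.substring(0, dot) : name;
        String ext = dot > 0 ? name.substring(dot + 1).toLowerCase() : "";
        if (base.matches("[._-]*")) base = fallbackBase;       // nothing meaningful left
        if (!ALLOWED_EXT.contains(ext)) ext = fallbackExt;     // never reflect .bat/.cmd/.exe
        // The value is pure ASCII from the whitelist, so plain quoting is sufficient.
        return "attachment; filename=\"" + base + "." + ext + "\"";
    }

    public static void main(String[] args) {
        // Constructed sample input: a name that tries to smuggle header syntax and a new extension.
        System.out.println(build("report.csv\"; filename=\"evil.bat", "export", "csv"));
        // Constructed sample input: a path-traversal style name with no usable base name.
        System.out.println(build("../../.", "export", "csv"));
    }
}
```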

Analysis from the security team on this CVE:

DLP does not use "org.springframework.http.ContentDisposition" and is therefore not vulnerable.