Security vulnerability scanned picked up vulnerability CVE-2023-46604 that needed patching.
10.x
The Java OpenWire protocol marshaller is vulnerable to Remote Code Execution. This vulnerability may allow a remote attacker with network access to either a Java-based OpenWire broker of client to run arbitrary shell commands by manipulating serialized class types in the OpenWire protocol to cause either the client of the broker (respectively) to instantiate any class on the classpath.
NCM does not utilize the "OpenWire protocol". This vulnerability does not affect NCM.