Is Liveupdate Administrator 2.3.13 vulnerable to CVE-2023-20860 and CVE-2023-20861
search cancel

Is Liveupdate Administrator 2.3.13 vulnerable to CVE-2023-20860 and CVE-2023-20861

book

Article ID: 380801

calendar_today

Updated On:

Products

Endpoint Protection

Issue/Introduction

Liveupdate Administrator 2.3.13 comes with Spring Framework 5.3.19 which may be marked as vulnerable to CVE-2023-20860 and CVE-2023-20861 by vulnerability scanners.

Resolution

Liveupdate 2.3.13 is not vulnerable to CVE-2023-20860 and CVE-2023-20861 as it does not use nor expose the vulnerable features of the Spring Framework.

Future versions of LUA will include a more recent version of this third party component.