Is DLP vulnerable to CVE-2024-38821
search cancel

Is DLP vulnerable to CVE-2024-38821

book

Article ID: 385497

calendar_today

Updated On:

Products

Data Loss Prevention Core Package

Issue/Introduction

A customer requests to know if Symantec Data Loss Prevention (DLP) 15.8x, 16.0.x, 16.0.1.x, 16.0.2.x and 16.1.x is vulnerable to CVE-2024-38821.

Environment

15.8x, 16.0.x, 16.0.1.x, 16.0.2.x and 16.1.x

Resolution

This issue is a false-positive, since we do not use WebFlux programming. Additionally, spring-webflux.jar is not included as a part of DLP deployment, and therefore there is no pathway for an attacker to invoke vulnerable functionality.

Powered by Wolken Software