Is Symantec Liveupdate Administrator vulnerable to CVE-2023-41080, CVE-2024-21733, CVE-2023-24998, CVE-2023-28708?

Is Symantec Liveupdate Administrator vulnerable to CVE-2023-41080, CVE-2024-21733, CVE-2023-24998, CVE-2023-28708?

search cancel

Is Symantec Liveupdate Administrator vulnerable to CVE-2023-41080, CVE-2024-21733, CVE-2023-24998, CVE-2023-28708?

book

Article ID: 435643

calendar_today

Updated On:

Products

Endpoint Protection

Issue/Introduction

Is Symantec Liveupdate Administrator vulnerable to CVE-2023-41080, CVE-2024-21733, CVE-2023-24998, CVE-2023-28708?

Resolution

CVE-2023-41080: No impact. LUA does not deploy the default root application

CVE-2024-21733: No impact. LUA does not use Apache's error message handling; it utilizes a proprietary error handling module to manage sensitive information

CVE-2023-24998: No impact. The latest release of LUA does not use commons-fileupload 1.5

CVE-2023-28708: No impact. The latest release of LUA does not use the impacted version of Tomcat. Additionally, LUA's Tomcat instance is not configured for RemoteIpFilter or RemoteIpValve.

Feedback

thumb_up Yes

thumb_down No