Imapct of different CVEs related to third party components used in LiveUpdate Administrator
search cancel

Imapct of different CVEs related to third party components used in LiveUpdate Administrator

book

Article ID: 438720

calendar_today

Updated On:

Products

Endpoint Protection Symantec

Issue/Introduction

You want to know the impact of the vulnerabilities below on Symantec LiveUpdate Administrator (LUA) 

CVE-2026-24880
CVE-2026-25854
CVE-2026-29129
CVE-2026-29145
CVE-2026-29146
CVE-2026-32990
CVE-2026-34483
CVE-2026-34486
CVE-2026-34487
CVE-2026-34500

Resolution

LUA is not impacted by the listed CVE's:-

  • CVE-2026-24880: No impact 
    • LUA is not configured to run under the scenarios required to exploit the vulnerability.
  • CVE-2026-25854: No impact 
    • LUA does not use LoadBalancerDrainingValve.
  • CVE-2026-29129: No impact 
    • LUA does not use weak ciphers
  • CVE-2026-29145: No impact 
    • The required attribute is not used in LUA
  • CVE-2026-29146: No impact 
    • LUA's Tomcat server runs standalone rather than as a clustered server
  • CVE-2026-32990: No impact
    • LUA does not use the settings required for exploitation
  • CVE-2026-34483: No impact 
    • JsonAccessLogValve is not enabled
  • CVE-2026-34486: No impact 
    • EncryptInterceptor is not enabled
  • CVE-2026-34487: No impact
    • Clustering is not enabled
  • CVE-2026-34500:  No impact 
    • The required attribute is not used in LUA.
Powered by Wolken Software