⚠️ OPSWAT Central Management v7 and My OPSWAT On-Premises (My OPSWAT Central Management v8) will reach End of Sale on July 31, 2025, and End of Life on January 31, 2027. We encourage you to upgrade to My OPSWAT Central Management v10 before January 31, 2027, to ensure continued support and access to the latest features.

Does a CVE affect OPSWAT Central Management?

In today's rapidly evolving digital landscape, understanding the impact of security vulnerabilities is more crucial than ever. The Common Vulnerabilities and Exposures (CVE) list is an invaluable resource for identifying potential security risks associated with software products. This article provides a comprehensive overview of various CVEs, helping you determine whether OPSWAT Central Management is affected. By staying informed about these vulnerabilities, you can take proactive measures to protect your systems and data from potential threats.

| CVE | Summary |
| --- | --- |
| CVE-2024-24549 | OPSWAT Central Management currently contains a Tomcat version higher than 9.0.86, which is not affected by this vulnerability (the vulnerability was fixed in 9.0.86). |
| CVE-2024-23672 | OPSWAT Central Management currently contains a Tomcat version higher than 9.0.86, which is not affected by this vulnerability (the vulnerability was fixed in 9.0.86). |
| CVE-2024-38828 | OPSWAT Central Management is not impacted by CVE-2024-38828. This CVE describes that Spring MVC controller methods with an @RequestBody byte[] method parameter are vulnerable to a DoS attack. OPSWAT Central Management is not impacted because it does not use @RequestBody byte[]. |
| CVE-2024-56337 | This vulnerability requires a non-default configuration (default servlet set to allow write), which OPSWAT Central Management does not use. |
| CVE-2024-50379 | This vulnerability requires a non-default configuration (default servlet set to allow write), which OPSWAT Central Management does not use. |
| CVE-2024-50379, CVE-2024-56337 | These CVEs require a non-default configuration where the DefaultServlet is set to allow write operations. OPSWAT Central Management does not enable this configuration and is therefore not vulnerable. |
| CVE-2024-54677 | This CVE involves the Tomcat examples web application, which is removed from the Tomcat distribution bundled with OPSWAT Central Management, eliminating the attack vector. |

If further assistance is required, please log a support case or chat with our support engineer.
