Free Edition No, Desktop Central is not vulnerable to CVE-2020-11993 vulnerability. Read the document fully for further details.
Enabling Trace/Debug for the HTTP/2 module in certain traffic edge patterns, causes logging statements to be made on wrong connections resulting into concurrent use of memory. This is applicable for Apache HTTP versions 2.4.20 to 2.4.43.
CVE-2020-11993 will not affect Desktop Central as HTTP/2 requests are not used.
Although the Desktop Central is not vulnerable to this CVE, we'll be upgrading to the latest Apache version during our regular third-party components upgrade cycle.