Free Edition No, Desktop Central is not vulnerable to CVE-2020-11996 vulnerability. Read the document fully for further details.
A specifc sequence of HTTP/2 requests sent to Apache Tomcat 8.5.55 and below, could initiate high CPU usage for several seconds in the server machine, that could render the server unresponsive.
CVE-2020-11996 will not affect Desktop Central as HTTP/2 requests are not used.
Although the Desktop Central is not vulnerable to this CVE, we'll be upgrading to the latest Apache Tomcat version during our regular third-party components upgrade cycle.