Free Edition Yes, Desktop Central is vulnerable to CVE-2020-13935 vulnerability. Read the document fully for further details.
The payload length in a WebSocket frame was not vaildated properly. Invalid payload lengths could trigger an infinite loop. If the number of such requests reach a particular target, it could lead to Denial of Service (DoS). This affects Apache Tomcat 8.5.0 to 8.5.56.
CVE-2020-13935 affects Desktop Central as WebSocket frames are used during requests.
Since Desktop Central is vulnerable to this CVE, it is categorised as high priortity, and we'll be upgrading to the latest Apache Tomcat version at the earliest.