Impact of CVE-2020-1938 (Apache JServ Protocol) Vulnerability on DLO

Article ID: 100047520

Description

Reference:

More information on this vulnerability can be found in the National Vulnerability Database at the following link:
https://nvd.nist.gov/vuln/detail/CVE-2020-1938

Resolution

Veritas Desktop and Laptop Option (DLO) is not affected by this vulnerability. The vulnerability can only be exploited if the AJP Port is accessible to untrusted users.

In DLO, the Apache Tomcat server is accessible externally via the Edge Server when using a Backup Over Internet (BOI) configuration. The Edge Server accepts only trusted requests, made over HTTPS using the SSL protocol. Additionally, all clients attempting to connect are authenticated against Active Directory using the client user's credentials when opening a new session, which prevents access by untrusted users.

In a DLO configuration where there is no Edge\BOI Server configuration (i.e. internal communications only), the AJP port is not used, and therefore DLO is again not affected by the vulnerability.
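
To check the condition described above on a Tomcat instance, the AJP connectors in its server.xml can be listed together with where they bind. This is an added example, not Veritas or DLO code: the sample server.xml is constructed, and `address`, `secret` and `requiredSecret` are standard Tomcat connector attributes, not details taken from this article.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample server.xml; not taken from a DLO installation.
SAMPLE_SERVER_XML = """\
<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
               SSLEnabled="true" scheme="https" secure="true"/>
    <Connector port="8009" protocol="AJP/1.3" redirectPort="8443"/>
    <Connector port="8010" protocol="org.apache.coyote.ajp.AjpNioProtocol"
               address="127.0.0.1" secret="constructed-placeholder"/>
    <!-- <Connector port="8011" protocol="AJP/1.3" address="0.0.0.0"/> -->
  </Service>
</Server>
"""

def is_ajp(protocol):
    # Tomcat selects AJP with "AJP/1.3" or an org.apache.coyote.ajp.* class name.
    p = protocol.lower()
    return p.startswith("ajp/") or ".ajp." in p

def classify_bind(address):
    if address is None:
        return "review"  # default bind address differs between Tomcat releases
    if address.lower() == "localhost":
        return "loopback"
    try:
        return "loopback" if ipaddress.ip_address(address).is_loopback else "exposed"
    except ValueError:
        return "review"  # hostname: resolve it by hand

def audit_ajp_connectors(server_xml):
    """Return one finding per active (not commented-out) AJP connector."""
    findings = []
    for conn in ET.fromstring(server_xml).iter("Connector"):
        if not is_ajp(conn.get("protocol", "HTTP/1.1")):
            continue
        findings.append({
            "port": conn.get("port"),
            "address": conn.get("address"),
            "bind": classify_bind(conn.get("address")),
            "secret_set": bool(conn.get("secret") or conn.get("requiredSecret")),
        })
    return findings

if __name__ == "__main__":
    for finding in audit_ajp_connectors(SAMPLE_SERVER_XML):
        print(finding)
```

An empty result means no AJP connector is enabled. A finding marked "exposed" or "review" still needs the network path to that port checked before concluding who can reach it.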

Issue/Introduction

Veritas Corporation is aware of the issue referred to in CVE-2020-1938, which impacts the Apache JServ Protocol (AJP).

Additional Information

ETrack: 3998891