Dear Symantec Advanced Authentication customer,

The purpose of this advisory is to inform you of a recently identified Progress DataDirect ODBC driver vulnerability that affects the Symantec Advanced Authentication product. Please read this advisory and follow the instructions below to avoid being impacted by this problem.   

Reason for the Notice: 

Progress Software has reported the following vulnerabilities in their DataDirect ODBC drivers:

• CVE-2023-34364(CRITICAL) 
• CVE-2023-34363  (MEDIUM).

Product and version affected: 

Symantec Advanced Authentication versions: 9.1, 9.1.01, 9.1.02, 9.1.03, 9.1.04

Impact of reported vulnerability on Symantec Advanced Authentication Deployment:

Symantec Advanced Authentication uses the Progress DataDirect ODBC drivers to communicate with ODBC databases. Since these drivers are embedded in the product, your deployment is subject to the noted vulnerabilities and you are required to apply a patch that fixes these vulnerabilities. 

The noted vulnerability doesn't impact the customers using MSSQL Server Database, and not required to apply the fix.

Solution:

Progress Software has upgraded the DataDirect ODBC driver to address the reported security vulnerabilities. The Symantec Advanced Authentication product team has developed a patch to resolve the noted vulnerability by replacing the vulnerable DataDirect ODBC driver with the patched driver in all affected versions. The Symantec Advanced Authentication patch is available for versions 9.1, 9.1.01, 9.1.02, 9.1.03, and 9.1.04 for all its customers.

What you should do:

You can download the patch named Symantec-AdvAuth-9.1.x-DE572366-DDODBCDriversUpgrade from the support website at https://support.broadcom.com/ My Downloads. 

Broadcom Software customers may receive product alerts and advisories by subscribing to Proactive Notifications.

If you have questions, please contact Broadcom Support https://support.broadcom.com/.

Thank you again for your business.