Symantec Security Advisory for cURL CVE-2023-38545

CA 2E

90 more products

22658

06 November 2023

11 October 2023

OPEN

HIGH

Summary

Symantec, a division of Broadcom, is investigating CVE-2023-38545, a vulnerability in cURL.

Affected Product(s)

Agile Requirements Designer (ARD) - https://knowledge.broadcom.com/external/article/274879
CA Harvest Software Change Manager - https://knowledge.broadcom.com/external/article/274808
Client Automation - https://knowledge.broadcom.com/external/article/274804 
EEM - https://knowledge.broadcom.com/external/article/274800 
Mobile Device Manager - https://knowledge.broadcom.com/external/article/274802 
Service Catalog - https://knowledge.broadcom.com/external/article/274800 
Service Desk Manager - https://knowledge.broadcom.com/external/article/274800
Service Virtualization (CA Application Test) - https://knowledge.broadcom.com/external/article/274862
Symantec VIP Authentication Hub (separate from Symantec VIP) - https://knowledge.broadcom.com/external/article/275098
Test Data Manager (TDM) - https://knowledge.broadcom.com/external/article/274866
Unified Infrastructure Management (Nimsoft / UIM) - https://knowledge.broadcom.com/external/article/274773

Additional Product Information

The following products are not vulnerable:

2E
Advanced Secure Gateway (ASG)
Application Delivery Analysis
Application Experience Analytics (AXA)
Application Experience Analytics SaaS (AXA)
Application Performance Management (APM)
Application Performance Management SaaS (APM)
Application Synthetic Monitor (ASM)
Application Synthetic Monitor SaaS (ASM)
BCAAA
Business Service Insight
Capacity Manager
CAPKI
CloudSOC Cloud Access Security Broker (CASB)
Cloud Workload Protection (CWP)
Configuration Automation
Content Analysis
Continuous Delivery Director
Continuous Delivery Director SaaS
Critical System Protection (CSP)
Data Center Security (DCS)
Data Loss Prevention (DLP)
Data Loss Prevention Cloud
DX Operational Intelligence
Edge SWG
Email Security.cloud
Ghost Solution Suite
HSM Agent
Industrial Control System Protection (ICSP)
Information Centric Analytics (ICA)
Integrated Secure Gateway (ISG)
IT Analytics (ITA)
IT Asset Manager (ITAM)
IT Management Suite
IT Process Automation (ITPAM) 
Layer7 API Developer Portal
Layer7 API Gateway
Layer7 Mobile API Gateway
LiveUpdate Administrator (LUA)
Management Center (MC)
Mirror Gateway
NIM
Nolio Release Automation
PacketShaper (PS) S-Series
Plex
PolicyCenter (PC) S-Series
Reporter
Secure Access Cloud (SAC)
Security Analytics (SA)
Service Operations Insight (SOI)
SSL Visibility (SSLV)
Symantec Advanced Authentication
Symantec Control Compliance Suite (CCS) 
Symantec Directory
Symantec Endpoint Detection and Response (EDR) On-premise
Symantec Endpoint Encryption (SEE)
Symantec Endpoint Protection (SEP) Agent
Symantec Endpoint Protection Manager (SEPM)
Symantec Endpoint Security (SES)
Symantec Identity Governance and Administration
Symantec Insight for Private Clouds
Symantec Mail Security for Microsoft Exchange (SMSMSE)
Symantec Messaging Gateway (SMG)
Symantec PGP Solutions
Symantec Privileged Access Manager
Symantec Privileged Access Manager Server Control
Symantec Privileged Identity Manager
Symantec Protection Engine (SPE)
Symantec Protection for SharePoint Servers (SPSS)
Symantec SiteMinder
Symantec VIP
Threat Defense for Active Directory (TDAD)
Web Isolation

The following products are under investigation:

Cloud SWG (WSS)
Cloud Workload Assurance (CWA)
Symantec Endpoint Protection (SEP) for Mobile

References

  • cURL Security Advisory - https://curl.se/docs/CVE-2023-38545.html

Revisions

2023-10-11 09:00 PT - Initial Release
2023-10-11 10:30 PT - Multiple products updated
2023-10-12 12:30 PT - Multiple products updated
2023-10-13 13:30 PT - Multiple products updated
2023-10-16 13:30 PT - Industrial Control System Protection moved to "Not Affected"