Symantec Security Advisory for HTTP2 CVE-2023-44487

CA Unified Infrastructure Management SaaS (Nimsoft / UIM)

3 more products

22674

19 July 2024

12 October 2023

OPEN

HIGH

Summary

Symantec, A Division of Broadcom is investigating CVE-2023-44487, which is a vulnerability in HTTP/2. 

Affected Product(s)

Client Automation - https://knowledge.broadcom.com/external/article/275030
Edge Secure Web Gateway (SWG) and Advanced Secure Gateway (ASG) - https://knowledge.broadcom.com/external/article/274893
IT Asset Manager (ITAM) - https://knowledge.broadcom.com/external/article/275012
IT Process Automation (ITPAM) - https://knowledge.broadcom.com/external/article/275034
Layer7 API Gateway - https://knowledge.broadcom.com/external/article/275070
Service Catalog - https://knowledge.broadcom.com/external/article/275012
Service Desk Manager - https://knowledge.broadcom.com/external/article/275012
Service Operations Insight (SOI) - https://knowledge.broadcom.com/external/article/275192
Service Virtualization (CA Application Test) - https://knowledge.broadcom.com/external/article/275032
Test Data Manager (TDM) - https://knowledge.broadcom.com/external/article/275081
Unified Infrastructure Management (Nimsoft / UIM) - https://knowledge.broadcom.com/external/article/274928

 

Additional Product Information

The following products are not vulnerable:

2E
Agile Requirements Designer (ARD)
Application Delivery Analysis
Application Experience Analytics (AXA)
Application Experience Analytics SaaS (AXA)
Application Performance Management (APM)
Application Performance Management SaaS (APM)
Application Synthetic Monitor (ASM) 
BCAAA
Business Service Insight
CA Harvest Software Change Manager
Capacity Manager
CAPKI
Continuous Delivery Director
Continuous Delivery Director SaaS
CloudSOC Cloud Access Security Broker (CASB)
Cloud SWG (WSS)
Cloud Workload Assurance (CWA)
Cloud Workload Protection (CWP)
Configuration Automation
Content Analysis
Critical System Protection (CSP)
Data Center Security (DCS)
Data Loss Prevention (DLP)
Data Loss Prevention Cloud
DX Operational Intelligence
EEM
Email Security.cloud
Ghost Solution Suite
HSM Agent
Industrial Control System Protection (ICSP)
Information Centric Analytics (ICA)
Integrated Secure Gateway (ISG)
IT Analytics (ITA)
IT Management Suite
Layer7 API Developer Portal
Layer7 Mobile API Gateway
LiveUpdate Administrator (LUA)
Management Center (MC)
Mirror Gateway 
Mobile Device Manager
NIM
Nolio Release Automation
PacketShaper (PS) S-Series
Plex
PolicyCenter (PC) S-Series
Reporter
Secure Access Cloud (SAC)   
Security Analytics (SA)
SSL Visibility (SSLV)
Symantec Advanced Authentication
Symantec Control Compliance Suite (CCS)
Symantec Directory
Symantec Endpoint Detection and Response (EDR) On-premise
Symantec Endpoint Encryption (SEE)
Symantec Endpoint Protection (SEP) Agent
Symantec Endpoint Protection Manager (SEPM)
Symantec Endpoint Security (SES)
Symantec Insight for Private Clouds
Symantec Mail Security for Microsoft Exchange (SMSMSE)
Symantec Messaging Gateway (SMG)
Symantec PGP Solutions
Symantec Privileged Access Manager
Symantec Privileged Access Manager Server Control
Symantec Privileged Identity Manager
Symantec Protection Engine (SPE)
Symantec Protection for SharePoint Servers (SPSS)
Symantec SiteMinder
Threat Defense for Active Directory (TDAD)
Symantec VIP
Web Isolation

The following products are under investigation:

Symantec Endpoint Protection (SEP) for Mobile

References

  • HTTP/2 Security Advisory - https://nvd.nist.gov/vuln/detail/CVE-2023-44487

Revisions

2023-10-12 13:00 PT - Initial Release
2023-10-16 13:30 PT - Multiple products updated