Symantec Security Advisory for HTTP2 CVE-2023-44487
22674
05 April 2024
12 October 2023
OPEN
HIGH
Summary
Symantec, A Division of Broadcom is investigating CVE-2023-44487, which is a vulnerability in HTTP/2.
Affected Product(s)
Client Automation - https://knowledge.broadcom.com/external/article/275030
Edge Secure Web Gateway (SWG) and Advanced Secure Gateway (ASG) - https://knowledge.broadcom.com/external/article/274893
IT Asset Manager (ITAM) - https://knowledge.broadcom.com/external/article/275012
IT Process Automation (ITPAM) - https://knowledge.broadcom.com/external/article/275034
Layer7 API Gateway - https://knowledge.broadcom.com/external/article/275070
Service Catalog - https://knowledge.broadcom.com/external/article/275012
Service Desk Manager - https://knowledge.broadcom.com/external/article/275012
Service Operations Insight (SOI) - https://knowledge.broadcom.com/external/article/275192
Service Virtualization (CA Application Test) - https://knowledge.broadcom.com/external/article/275032
Test Data Manager (TDM) - https://knowledge.broadcom.com/external/article/275081
Unified Infrastructure Management (Nimsoft / UIM) - https://knowledge.broadcom.com/external/article/274928
Additional Product Information
The following products are not vulnerable:
2E
Agile Requirements Designer (ARD)
Application Delivery Analysis
Application Experience Analytics (AXA)
Application Experience Analytics SaaS (AXA)
Application Performance Management (APM)
Application Performance Management SaaS (APM)
Application Synthetic Monitor (ASM)
BCAAA
Business Service Insight
CA Harvest Software Change Manager
Capacity Manager
CAPKI
Continuous Delivery Director
Continuous Delivery Director SaaS
CloudSOC Cloud Access Security Broker (CASB)
Cloud SWG (WSS)
Cloud Workload Assurance (CWA)
Cloud Workload Protection (CWP)
Configuration Automation
Content Analysis
Critical System Protection (CSP)
Data Center Security (DCS)
Data Loss Prevention (DLP)
Data Loss Prevention Cloud
DX Operational Intelligence
EEM
Email Security.cloud
Ghost Solution Suite
HSM Agent
Industrial Control System Protection (ICSP)
Information Centric Analytics (ICA)
Integrated Secure Gateway (ISG)
IT Analytics (ITA)
IT Management Suite
Layer7 API Developer Portal
Layer7 Mobile API Gateway
LiveUpdate Administrator (LUA)
Management Center (MC)
Mobile Device Manager
NIM
Nolio Release Automation
PacketShaper (PS) S-Series
Plex
PolicyCenter (PC) S-Series
Reporter
Security Analytics (SA)
SSL Visibility (SSLV)
Symantec Advanced Authentication
Symantec Control Compliance Suite (CCS)
Symantec Directory
Symantec Endpoint Detection and Response (EDR) On-premise
Symantec Endpoint Encryption (SEE)
Symantec Endpoint Protection (SEP) Agent
Symantec Endpoint Protection Manager (SEPM)
Symantec Endpoint Security (SES)
Symantec Insight for Private Clouds
Symantec Mail Security for Microsoft Exchange (SMSMSE)
Symantec Messaging Gateway (SMG)
Symantec PGP Solutions
Symantec Privileged Access Manager
Symantec Privileged Access Manager Server Control
Symantec Privileged Identity Manager
Symantec Protection Engine (SPE)
Symantec Protection for SharePoint Servers (SPSS)
Symantec SiteMinder
Threat Defense for Active Directory (TDAD)
Symantec VIP
Web Isolation
The following products are under investigation:
Mirror Gateway
Secure Access Cloud (SAC)
Symantec Endpoint Protection (SEP) for Mobile
References
- HTTP/2 Security Advisory - https://nvd.nist.gov/vuln/detail/CVE-2023-44487
Revisions
2023-10-12 13:00 PT - Initial Release
2023-10-16 13:30 PT - Multiple products updated