Symantec Security Advisory for cURL CVE-2023-38545
Summary
Symantec, A Division of Broadcom is investigating CVE-2023-38545, which is a vulnerability in cURL.
Affected Product(s)
Agile Requirements Designer (ARD) - https://knowledge.broadcom.com/external/article/274879
CA Harvest Software Change Manager - https://knowledge.broadcom.com/external/article/274808
Client Automation - https://knowledge.broadcom.com/external/article/274804
EEM - https://knowledge.broadcom.com/external/article/274800
Mobile Device Manager - https://knowledge.broadcom.com/external/article/274802
Service Catalog - https://knowledge.broadcom.com/external/article/274800
Service Desk Manager - https://knowledge.broadcom.com/external/article/274800
Service Virtualization (CA Application Test) - https://knowledge.broadcom.com/external/article/274862
Symantec VIP Authentication Hub (separate from Symantec VIP) - https://knowledge.broadcom.com/external/article/275098
Test Data Manager (TDM) - https://knowledge.broadcom.com/external/article/274866
Unified Infrastructure Management (Nimsoft / UIM) - https://knowledge.broadcom.com/external/article/274773
Additional Product Information
The following products are not vulnerable:
2E
Advanced Secure Gateway (ASG)
Application Delivery Analysis
Application Experience Analytics (AXA)
Application Experience Analytics SaaS (AXA)
Application Performance Management (APM)
Application Performance Management SaaS (APM)
Application Synthetic Monitor (ASM)
Application Synthetic Monitor SaaS (ASM)
BCAAA
Business Service Insight
Capacity Manager
CAPKI
CloudSOC Cloud Access Security Broker (CASB)
Cloud Workload Protection (CWP)
Configuration Automation
Content Analysis
Continuous Delivery Director
Continuous Delivery Director SaaS
Critical System Protection (CSP)
Data Center Security (DCS)
Data Loss Prevention (DLP)
Data Loss Prevention Cloud
DX Operational Intelligence
Edge SWG
Email Security.cloud
Ghost Solution Suite
HSM Agent
Industrial Control System Protection (ICSP)
Information Centric Analytics (ICA)
Integrated Secure Gateway (ISG)
IT Analytics (ITA)
IT Asset Manager (ITAM)
IT Management Suite
IT Process Automation (ITPAM)
Layer7 API Developer Portal
Layer7 API Gateway
Layer7 Mobile API Gateway
LiveUpdate Administrator (LUA)
Management Center (MC)
Mirror Gateway
NIM
Nolio Release Automation
PacketShaper (PS) S-Series
Plex
PolicyCenter (PC) S-Series
Reporter
Secure Access Cloud (SAC)
Security Analytics (SA)
Service Operations Insight (SOI)
SSL Visibility (SSLV)
Symantec Advanced Authentication
Symantec Control Compliance Suite (CCS)
Symantec Directory
Symantec Endpoint Detection and Response (EDR) On-premise
Symantec Endpoint Encryption (SEE)
Symantec Endpoint Protection (SEP) Agent
Symantec Endpoint Protection Manager (SEPM)
Symantec Endpoint Security (SES)
Symantec Identity Governance and Administration
Symantec Insight for Private Clouds
Symantec Mail Security for Microsoft Exchange (SMSMSE)
Symantec Messaging Gateway (SMG)
Symantec PGP Solutions
Symantec Privileged Access Manager
Symantec Privileged Access Manager Server Control
Symantec Privileged Identity Manager
Symantec Protection Engine (SPE)
Symantec Protection for SharePoint Servers (SPSS)
Symantec SiteMinder
Symantec VIP
Threat Defense for Active Directory (TDAD)
Web Isolation
The following products are under investigation:
Cloud SWG (WSS)
Cloud Workload Assurance (CWA)
Symantec Endpoint Protection (SEP) for Mobile
References
- cURL Security Advisory - https://curl.se/docs/CVE-2023-38545.html
Revisions
2023-10-11 09:00 PT - Initial Release
2023-10-11 10:30 PT - Multiple products updated
2023-10-12 12:30 PT - Multiple products updated
2023-10-13 13:30 PT - Multiple products updated
2023-10-16 13:30 PT - Industrial Control System Protection moved to "Not Affected"