DX UIM Curl Vulnerability (CVE-2023-38545 & CVE-2023-38546)

Article ID: 274773



  • CA Unified Infrastructure Management On-Premise (Nimsoft / UIM)
  • CA Unified Infrastructure Management SaaS (Nimsoft / UIM)


A high-severity vulnerability was found in the curl library (libcurl) and the curl command-line tool. DX UIM uses libcurl (but not the curl tool) in the monitoring probes listed below:

  • emailgtw using libcurl 7.82.0
  • url_response using libcurl 7.82.0
  • cisco_ucm using libcurl 7.87.0


DX UIM Server with the following probes

  • emailgtw 
  • url_response 
  • cisco_ucm




Based on the initial review of libcurl usage, the probes listed above do not use a SOCKS5 proxy to connect to remote hosts. While the listed probes are vulnerable, they are not exploitable, since SOCKS5 proxy is not enabled on these probes.

As a next step, these probes will be updated to the latest recommended version of the curl library, libcurl 8.4.0.

Additional Information

  1. The following three probes use libcurl but are not impacted by these vulnerabilities, because their versions fall outside the affected range (libcurl 7.69.0 up to and including 8.3):
     • email_response using libcurl 7.21.6
     • apache using libcurl 7.21.6
     • iis using libcurl 7.61.1

  2. This KB will be updated on a continuous basis as the situation evolves. There is NO impact on probes installed along with the DX UIM Server and Operator Console of UIM 20.3.x and 20.4.x versions.
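
To verify the two conditions this article relies on (libcurl version inside the stated affected range, and no SOCKS5 proxy in use), the following added example, which is not Broadcom or curl project code, scans a binary's bytes for the `libcurl/x.y.z` banner and checks the process environment for proxy variables that select SOCKS5. It assumes the probe binary embeds that banner and that a proxy could be picked up from the environment variables libcurl honors; the sample bytes, host name and function names are constructed for illustration.

```python
import re

# Affected range as stated in this article: libcurl 7.69.0 up to and including 8.3.
AFFECTED_MIN, AFFECTED_MAX = (7, 69, 0), (8, 3)
BANNER = re.compile(rb"libcurl/(\d+)\.(\d+)\.(\d+)")
PROXY_VARS = ("all_proxy", "http_proxy", "https_proxy")

def embedded_versions(blob):
    """Return the sorted set of libcurl versions whose banner appears in the bytes."""
    return sorted({tuple(int(p) for p in m.groups()) for m in BANNER.finditer(blob)})

def in_affected_range(version):
    # Assumption: the upper bound is compared on major.minor, so any 8.3.x is included.
    return AFFECTED_MIN <= version and version[:2] <= AFFECTED_MAX

def socks5_proxy_vars(env):
    """Names of proxy variables (either case) whose value selects a SOCKS5 proxy."""
    return sorted(k for k, v in env.items()
                  if k.lower() in PROXY_VARS
                  and v.lower().startswith(("socks5://", "socks5h://")))

def triage(name, blob, env):
    versions = embedded_versions(blob)
    if not versions:
        return f"{name}: no libcurl banner found"
    hit = [v for v in versions if in_affected_range(v)]
    ver = ".".join(map(str, (hit or versions)[-1]))
    if not hit:
        return f"{name}: libcurl {ver} outside affected range"
    socks = socks5_proxy_vars(env)
    if socks:
        return f"{name}: libcurl {ver} affected, SOCKS5 proxy set via {', '.join(socks)}"
    return f"{name}: libcurl {ver} affected, no SOCKS5 proxy in environment"

# Constructed sample data: stand-ins for probe binaries and a probe process environment.
SAMPLES = {
    "url_response": b"\x7fELF\x00...\x00libcurl/7.82.0\x00OpenSSL\x00",
    "iis": b"MZ\x90\x00...\x00libcurl/7.61.1\x00",
}
SAMPLE_ENV = {"PATH": "/usr/bin", "ALL_PROXY": "socks5h://proxy.example:1080"}

if __name__ == "__main__":
    for probe, data in SAMPLES.items():
        print(triage(probe, data, SAMPLE_ENV))
        print(triage(probe, data, {"PATH": "/usr/bin"}))
```

On a real system, pass the bytes of the probe's executable or bundled libcurl library and the environment of the running probe process; a proxy set in the probe's own configuration is not visible to this check and has to be reviewed separately.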