Embedded Entitlement Manager (EEM) Curl Vulnerability (CVE-2023-38545 & CVE-2023-38546)

Article ID: 274800

Updated On:

Products

CA Service Desk Manager, CA Service Management - Service Desk Manager, CA Service Catalog, CA Application Performance Management (APM / Wily / Introscope), CA Service Operations Insight (SOI), CA Process Automation Base, CA Harvest Software Change Manager, CA Configuration Automation

Issue/Introduction

A high-severity vulnerability was found in the curl library (libcurl). EEM uses libcurl.

 

Environment

Releases: v12.6.3.0, 12.6.4.0, 12.6.5.0, 12.6.6.0

Cause

https://curl.se/docs/CVE-2023-38545.html

Resolution

Based on a review of how EEM uses libcurl, EEM does not use a SOCKS5 proxy to connect to remote hosts. Although the libcurl version in use is vulnerable, the vulnerabilities are not exploitable because the SOCKS5 proxy is not enabled.
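
The check below is an added example, not Broadcom or EEM code. It tests the two conditions the Resolution relies on: whether a libcurl version string falls in the range the curl advisory lists for CVE-2023-38545 (7.69.0 through 8.3.0), and whether any proxy environment variable that libcurl reads by default points at a SOCKS5 proxy. The function names and sample values are constructed for illustration, and whether EEM's use of libcurl honors these variables is not stated in this article.

```python
import re

# Affected range from the curl advisory for CVE-2023-38545 (fixed in 8.4.0).
AFFECTED_MIN, AFFECTED_MAX = (7, 69, 0), (8, 3, 0)
# socks5h:// asks the proxy to resolve the host name, the mode the advisory
# describes; socks5:// resolves locally but is reported too so it gets reviewed.
SOCKS5_SCHEMES = ("socks5h", "socks5")


def parse_version(text):
    """Return the first dotted x.y.z triple in text as a tuple of ints."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError("no x.y.z version found in %r" % text)
    return tuple(int(part) for part in m.groups())


def version_affected(text):
    return AFFECTED_MIN <= parse_version(text) <= AFFECTED_MAX


def socks5_proxy_vars(env):
    """Map each *_proxy variable that selects SOCKS5 to the scheme it uses.

    Names are matched case-insensitively, which is deliberately broader than
    libcurl's own lookup. A proxy set in code through CURLOPT_PROXY is not
    visible here; only the environment is inspected.
    """
    hits = {}
    for name, value in env.items():
        scheme = value.strip().lower().partition("://")[0]
        if name.lower().endswith("_proxy") and scheme in SOCKS5_SCHEMES:
            hits[name] = scheme
    return hits


def assess(version_text, env):
    if not version_affected(version_text):
        return "version-not-affected"
    return "review-socks5-proxy" if socks5_proxy_vars(env) else "affected-version-no-socks5-env"


if __name__ == "__main__":
    # Constructed sample inputs, not taken from an EEM installation.
    sample_version = "libcurl/7.88.1 OpenSSL/3.0.8"
    sample_env = {"https_proxy": "http://proxy.example:3128", "no_proxy": "localhost"}
    print(assess(sample_version, sample_env))
```

Run it against the environment of the account that starts the EEM service, and repeat the check after any change to system-wide proxy settings.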