CVE-2023-38545 & CVE-2023-38546 (curl vulnerabilities): Are the Identity Governance and Administration components vulnerable?
search cancel

CVE-2023-38545 & CVE-2023-38546 (curl vulnerabilities): Are the Identity Governance and Administration components vulnerable?

book

Article ID: 274801

calendar_today

Updated On:

Products

CA Identity Governance CA Identity Manager CA Identity Portal CA Identity Suite

Issue/Introduction

Do the vulnerabilities CVE-2023-38545 & CVE-2023-38546, related to curl, affect the Identity Governance and Administration products?

Environment

vAPP and non-vAPP Identity Suite including Identity Manager, Identity Governance, Identity Portal, and their components.

Resolution

The IGA Suite of products is not vulnerable to CVE-2023-38545 or CVE-2023-38546.

CVE-2023-38545 is not applicable because the version of curl we use is not susceptible.

CVE-2023-38546 is not applicable because we do not use the function that is responsible for the vulnerability.

If the above CVEs are flagged on your system by vulnerability scans please notify your security team that the IGA products are not susceptible.