Do the vulnerabilities CVE-2023-38545 & CVE-2023-38546, related to curl, affect the Identity Governance and Administration products?
vAPP and non-vAPP Identity Suite including Identity Manager, Identity Governance, Identity Portal, and their components.
The IGA Suite of products is not vulnerable to CVE-2023-38545 or CVE-2023-38546.
CVE-2023-38545 is not applicable because the version of curl we use is not susceptible.
CVE-2023-38546 is not applicable because we do not use the function that is responsible for the vulnerability.
If the above CVEs are flagged on your system by vulnerability scans please notify your security team that the IGA products are not susceptible.