CA Client Automation Curl Vulnerability (CVE-2023-38545 & CVE-2023-38546)

Article ID: 274804

Products

CA Client Automation
CA Client Automation - Asset Intelligence
CA Client Automation - Asset Management
CA Client Automation - Desktop Migration Manager
CA Client Automation - IT Client Manager
CA Client Automation - Patch Manager
CA Client Automation - Remote Control
CA Client Automation - Software Delivery

Issue/Introduction

A high-severity vulnerability was found in the curl library (libcurl), and ITCM uses libcurl.

 

Environment

Releases: 14.5 CU6

Cause

https://curl.se/docs/CVE-2023-38545.html

Resolution

More details of the vulnerability CVE-2023-38545

The following media do not contain a vulnerable version of curl. ITCM components installed from the media below are not impacted.

14.5 GA DVD1
14.5 GA DVD2
14.5 GA CU1

The following media contains a vulnerable version of curl.

14.5 CU2 - AM Xen Inventory module uses curl 7.79.0
14.5 CU3 - AM Xen Inventory module and ENC client use curl 7.79.0
14.5 CU4 - AM Xen Inventory module and ENC client use curl 7.79.0
14.5 CU5 - AM Xen Inventory module and ENC client use curl 7.85.0
14.5 CU6 - AM Xen Inventory module and ENC client use curl 7.85.0

The patches below are published as part of ITCM certification on Linux platforms.

99111801 - 14.5.0.550 (64bit) uses curl 7.85.0
99111800 - 14.5.0.550 (32bit) uses curl 7.85.0

 

This vulnerability has been addressed by upgrading curl to version 8.4.0.

To upgrade curl on the CA Client Automation Windows platform, download and apply patch 99111973.
To upgrade curl on the CA Client Automation Linux platform, download and apply patch 99111975.
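
To confirm which installed components still carry an older libcurl after patching, the following added example (not Broadcom's or the curl project's code) scans files under a directory for an embedded libcurl version banner and reports any older than 8.4.0. It assumes the bundled library contains a literal banner of the form `libcurl/X.Y.Z`; the function names and sample blobs are constructed for illustration.

```python
import re
import sys
from pathlib import Path

FIXED = (8, 4, 0)  # release this article names as the fix

# Assumption: the binary embeds a banner such as b"libcurl/7.85.0".
BANNER = re.compile(rb"libcurl/(\d{1,3})\.(\d{1,3})\.(\d{1,3})")


def curl_versions(blob: bytes) -> set:
    """Return every libcurl version banner found in a binary blob."""
    return {tuple(int(p) for p in m.groups()) for m in BANNER.finditer(blob)}


def needs_patch(blob: bytes) -> bool:
    """True if any embedded libcurl banner is older than FIXED."""
    return any(v < FIXED for v in curl_versions(blob))


def scan_tree(root: str, max_bytes: int = 64 * 1024 * 1024):
    """Yield (path, version) for each file under root with an old banner."""
    for path in Path(root).rglob("*"):
        try:
            if not path.is_file() or path.stat().st_size > max_bytes:
                continue
            blob = path.read_bytes()
        except OSError:
            continue  # unreadable file: skip it, keep the inventory going
        for v in sorted(curl_versions(blob)):
            if v < FIXED:
                yield str(path), ".".join(map(str, v))


# Constructed sample blobs (not taken from any real ITCM binary).
SAMPLE_OLD = b"\x7fELF\x00pad\x00libcurl/7.85.0\x00OpenSSL/1.1.1\x00"
SAMPLE_NEW = b"MZ\x90\x00pad\x00libcurl/8.4.0\x00"

if __name__ == "__main__":
    # Pass the ITCM installation directory as the first argument.
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    for found_path, ver in scan_tree(root):
        print(f"{found_path}: libcurl {ver} is older than 8.4.0")
```

A file with no banner is reported as clean, so an empty result should be cross-checked against the media and patch levels listed above.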