Harvest Software Change Manager Curl Vulnerability (CVE-2023-38545 & CVE-2023-38546)

Article ID: 274808

Products

CA Harvest Software Change Manager
CA Harvest Software Change Manager - OpenMake Meister

Issue/Introduction

A high-severity vulnerability was found in the curl library (libcurl) used by Embedded Entitlement
Manager (EEM), which is bundled with the Harvest V14.5 release.

Environment

Release: v14.5

Cause

https://curl.se/docs/CVE-2023-38545.html

Resolution

This vulnerability applies to Harvest only when it uses certificate-based authentication with
Embedded Entitlement Manager (EEM), and it is specific to the V14.5 release.


The EEM product advisory is available here:
https://knowledge.broadcom.com/external/article/274800

Based on further investigation, it is now concluded that EEM does not use a SOCKS5 proxy for connecting to remote hosts. While the version used is vulnerable, it is not exploitable since a SOCKS5 proxy is not enabled.

Harvest v14.5, when used with EEM, is not impacted by this vulnerability, and hence no further action is required.
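
The reasoning above (library version in the affected range, but no SOCKS5 proxy in use) can be checked on a host with a short script. This is an added example, not Broadcom or EEM code: the affected range 7.69.0 to 8.3.0 comes from the curl advisory linked under Cause, the function names and sample inputs are constructed, and a proxy set inside application code rather than through environment variables is not visible to it.

```python
import re
from urllib.parse import urlsplit

# CVE-2023-38545 affected range from the curl advisory linked under "Cause":
# libcurl 7.69.0 up to and including 8.3.0 (not stated in this article).
AFFECTED_MIN, AFFECTED_MAX = (7, 69, 0), (8, 3, 0)
# Proxy variables read by libcurl; matched case-insensitively, which is conservative.
PROXY_VARS = {"all_proxy", "https_proxy", "http_proxy"}


def parse_version(banner):
    """Return (major, minor, patch) from a banner such as 'libcurl/8.1.2 OpenSSL/3.0.9'."""
    match = re.search(r"libcurl/(\d+)\.(\d+)\.(\d+)", banner)
    if not match:
        raise ValueError(f"no libcurl version in {banner!r}")
    return tuple(int(part) for part in match.groups())


def socks5_proxies(env):
    """Return {variable: scheme} for proxy variables that select a SOCKS5 proxy."""
    found = {}
    for name, value in env.items():
        if name.lower() in PROXY_VARS:
            scheme = urlsplit(value.strip()).scheme.lower()
            if scheme in ("socks5", "socks5h"):
                found[name] = scheme
    return found


def assess(banner, env):
    """Classify one host: is the library in range, and is a SOCKS5 proxy configured?"""
    in_range = AFFECTED_MIN <= parse_version(banner) <= AFFECTED_MAX
    proxies = socks5_proxies(env)
    if not in_range:
        status = "version not affected"
    elif proxies:
        status = "affected version with SOCKS5 proxy configured: review"
    else:
        status = "affected version, no SOCKS5 proxy configured"
    return {"in_range": in_range, "socks5": proxies, "status": status}


if __name__ == "__main__":
    # Constructed sample inputs, not taken from a real EEM host.
    samples = [
        ("libcurl/8.1.2 OpenSSL/3.0.9", {"NO_PROXY": "localhost"}),
        ("libcurl/8.1.2 OpenSSL/3.0.9", {"ALL_PROXY": "socks5h://proxy.example:1080"}),
        ("libcurl/8.4.0 OpenSSL/3.0.9", {"ALL_PROXY": "socks5h://proxy.example:1080"}),
    ]
    for banner, env in samples:
        print(banner.split()[0], env, "->", assess(banner, env)["status"])
```

The banner string can be taken from the output of `curl --version` when the system curl links the same libcurl; the environment to pass is that of the service process, not of an interactive shell.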