Embedded Entitlement Manager (EEM) Curl Vulnerability (CVE-2023-38545 & CVE-2023-38546)
Article ID: 274857

Products

Autosys Workload Automation

Issue/Introduction

Is CA Embedded Entitlements Manager (EEM) impacted by the vulnerabilities found in the libcurl library, CVE-2023-38545 & CVE-2023-38546?

NOTE: Versions of libcurl that are not affected are those earlier than 7.69.0 and those at 8.4.0 or later.

Environment

Versions 12.6.3.0, 12.6.4.0, 12.6.5.0, 12.6.6.0

Resolution

CVE-2023-38545 - Based on the initial review of how EEM uses libcurl, EEM does not use a SOCKS5 proxy to connect to remote hosts. While the bundled libcurl version is in the affected range, the vulnerability is not exploitable in EEM because the SOCKS5 proxy code path is never enabled.

CVE-2023-38546 - EEM is not impacted by CVE-2023-38546. EEM's use of the libcurl API does not meet the specific set of conditions that would allow an attacker to exploit this vulnerability.
Additional Information

Questions clients may ask about CVE-2023-38546, with EEM's answers:

libcurl version: What version of libcurl is bundled with EEM? EEM 12.6.6 bundles libcurl 7.88.1.
Usage of curl_easy_duphandle(): Does EEM use the curl_easy_duphandle() API? No, EEM does not use curl_easy_duphandle().
Cookie handling:
    Are cookies enabled in any libcurl operations? No, EEM's libcurl functionality does not use cookies.
    Is there any logic that could result in loading cookies from a file named "none"? No, EEM's libcurl functionality does not use cookies.
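The reasoning above (a libcurl build inside the affected window is only exploitable when the application's usage also meets each CVE's preconditions) written out as a small triage helper. This is an added example, not code from the Broadcom article or from the EEM product; the version window is the one stated in the NOTE above, and the EEM usage flags are the answers given in this article.

```python
# Added triage helper (not from the Broadcom article or the EEM code base):
# encodes the article's "vulnerable version vs. exploitable" reasoning.
from typing import Dict, Tuple

# Window taken from the article's NOTE: not affected are < 7.69.0 and >= 8.4.0.
FIRST_AFFECTED = (7, 69, 0)
FIRST_FIXED = (8, 4, 0)


def parse_version(text: str) -> Tuple[int, ...]:
    """Turn '7.88.1' (or a short '8.4') into a comparable (major, minor, patch) tuple."""
    parts = [int(p) for p in text.strip().split(".")]
    if not 1 <= len(parts) <= 3 or min(parts) < 0:
        raise ValueError(f"unrecognised libcurl version: {text!r}")
    return tuple(parts + [0] * (3 - len(parts)))


def libcurl_in_affected_range(version: str) -> bool:
    """True when the bundled libcurl lies inside the affected window."""
    return FIRST_AFFECTED <= parse_version(version) < FIRST_FIXED


def triage(version: str, uses_socks5_proxy: bool,
           uses_curl_easy_duphandle: bool, cookies_enabled: bool) -> Dict[str, bool]:
    """Per-CVE exploitability: an affected build only matters when the
    application's libcurl usage also meets that CVE's preconditions."""
    vulnerable_build = libcurl_in_affected_range(version)
    return {
        "vulnerable_build": vulnerable_build,
        # CVE-2023-38545 requires the SOCKS5 proxy code path to be in use.
        "CVE-2023-38545": vulnerable_build and uses_socks5_proxy,
        # CVE-2023-38546 requires curl_easy_duphandle() with cookies enabled.
        "CVE-2023-38546": vulnerable_build and uses_curl_easy_duphandle and cookies_enabled,
    }


def eem_triage(libcurl_version: str) -> Dict[str, bool]:
    """EEM's usage as this article describes it: no SOCKS5 proxy, no duphandle, no cookies."""
    return triage(libcurl_version, uses_socks5_proxy=False,
                  uses_curl_easy_duphandle=False, cookies_enabled=False)


if __name__ == "__main__":
    # Versions quoted in the article: 12.6.6 / 7.88.1 and 12.6.9.0 / 8.11.0.
    for eem, curl in (("12.6.6", "7.88.1"), ("12.6.9.0", "8.11.0")):
        print(f"EEM {eem} / libcurl {curl}: {eem_triage(curl)}")
```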

EEM can be upgraded to the latest version currently available, 12.6.9.0, which bundles libcurl 8.11.0 along with upgrades to several other third-party modules.