CVE-2023-38546 vulnerability
search cancel

CVE-2023-38546 vulnerability


Article ID: 277709


Updated On:


CA Application Performance Management (APM / Wily / Introscope)


Is /opt/wily/PostgreSQL-9.6.2/lib/ vulnerable to CVE-2023-38546?  Will Postgres still work if we zip that file?

A security scan flagged this file as vulnerable to Nessus Plugin 182873 libcurl 7.9.1 < 8.4.0 Cookie Injection CVE-2023-38546.  Using  CA Wily Introscope (Build 990301) on RHEL 7.9.


You will have to test this out. But it should not be needed per below.

Engineering believes that Postgres should fine without the file.  That file is only used by ./stackbuilder/bin/stackbuilder executable and is a tool to customize the PostgreSQL instance which is not something you would be typically doing as a user.