libcurl is lower than the recommended version of 8.4.0: CVE-2023-38545 and CVE-2023-38546



Article ID: 377141


Updated On:

Products

VMware Aria Suite

Issue/Introduction

A security scan reports that the libcurl package is lower than the recommended version of 8.4.0:

  • libcurl 7.69 < 8.4.0 Heap Buffer Overflow Path: /opt/vmware/vlcm/blackstone/ovft/libcurl.so.4 Critical CVE-2023-38545
  • libcurl 7.9.1 < 8.4.0 Cookie Injection Path: /opt/vmware/vlcm/blackstone/ovft/libcurl.so.4 Low CVE-2023-38546

Environment

VMware Aria Suite Lifecycle 8.16 (formerly VMware vRealize Suite Lifecycle Manager vrslcm).

Cause

The currently installed version of libcurl is 8.1.2-5.ph3.
NOTE: Photon OS builds of common packages carry version numbers that differ from upstream (main branch) builds. The Photon OS team maintains its own branch of the included packages, so a Photon package version does not map directly to an upstream release.

Resolution

These CVEs are already fixed in the latest environment.

The security scan compares the installed version against upstream (main branch) builds of libcurl, which are not used in Photon appliances; the finding is therefore a false positive.

libcurl 8.1.2-5.ph3 already contains the fixes for CVE-2023-38545 and CVE-2023-38546 (see Photon Security Update 3.0 667).
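The false positive above comes from a scanner comparing a bare version string against the upstream fix release, which says nothing about fixes backported into a distribution branch. The following added example (not part of this KB article or of the Photon OS project) shows how an administrator can confirm a backported fix on the appliance itself: it reproduces the naive version comparison the scanner performs, then checks the installed package's RPM changelog for the CVE identifiers. The package name `curl`, the `rpm` queries, and the sample changelog text are assumptions constructed for illustration; the real changelog on an appliance may be worded differently.

```shell
#!/bin/sh
# Added example, not from the KB article or the Photon OS project.
# Assumes rpm is available on the appliance; the package name "curl" and the
# sample changelog below are assumptions/constructed for illustration.

# changelog_mentions_cve CHANGELOG_TEXT CVE_ID
# Returns 0 when the CVE id appears anywhere in the changelog text.
changelog_mentions_cve() {
    printf '%s\n' "$1" | grep -qi -- "$2"
}

# upstream_version_below VERSION MINIMUM
# Returns 0 when VERSION sorts numerically below MINIMUM, comparing dotted
# fields one at a time. This is the comparison a naive scanner performs; it is
# blind to fixes backported into a distribution branch such as 8.1.2-5.ph3.
upstream_version_below() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        na = split(a, x, "."); nb = split(b, y, ".");
        n = (na > nb) ? na : nb;
        for (i = 1; i <= n; i++) {
            xi = (i <= na) ? x[i] + 0 : 0;
            yi = (i <= nb) ? y[i] + 0 : 0;
            if (xi < yi) exit 0;
            if (xi > yi) exit 1;
        }
        exit 1 }'
}

# assess PKG_VERSION MINIMUM CHANGELOG_TEXT CVE_ID...
# Prints "not-flagged" when the version already meets the minimum,
# "backported" when it is below the minimum but every CVE id is in the
# changelog (scanner false positive), or "vulnerable-by-version" otherwise.
assess() {
    ver="$1"; min="$2"; log="$3"; shift 3
    if ! upstream_version_below "$ver" "$min"; then
        echo not-flagged; return 0
    fi
    for cve in "$@"; do
        changelog_mentions_cve "$log" "$cve" || { echo vulnerable-by-version; return 1; }
    done
    echo backported
}

# check_installed PKG MINIMUM CVE_ID...
# Run on the appliance: read the installed version and changelog from rpm.
# To check which package owns a path a scanner flagged (for example the
# libcurl.so.4 under /opt/vmware/...), run: rpm -qf /path/to/libcurl.so.4
check_installed() {
    pkg="$1"; min="$2"; shift 2
    command -v rpm >/dev/null 2>&1 || { echo "rpm not found; run on the appliance" >&2; return 2; }
    ver=$(rpm -q --qf '%{VERSION}' "$pkg") || return 2
    assess "$ver" "$min" "$(rpm -q --changelog "$pkg")" "$@"
}

# Constructed sample changelog (illustration only, not the real Photon changelog).
SAMPLE_CHANGELOG='* Fri Oct 13 2023 Example Maintainer <maintainer@example.com> 8.1.2-5
- Backport fixes for CVE-2023-38545 and CVE-2023-38546'

# Demonstration on the constructed sample; prints "backported".
assess 8.1.2 8.4.0 "$SAMPLE_CHANGELOG" CVE-2023-38545 CVE-2023-38546

# On a Photon appliance, check the real package (skipped where rpm is absent).
command -v rpm >/dev/null 2>&1 && check_installed curl 8.4.0 CVE-2023-38545 CVE-2023-38546 || true
```

When the script prints `backported`, the scanner's version-only comparison is the reason for the finding and the evidence for closing it as a false positive is the changelog entry; when it prints `vulnerable-by-version`, the package version is below the upstream fix and the changelog offers no evidence of a backport, so the finding deserves follow-up rather than dismissal.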