If an application calls the libcurl function curl_easy_getinfo() with the CURLINFO_CERTINFO option, it can encounter CVE-2024-7264.
Is Identity Manager impacted by CVE-2024-7264 libcurl vulnerability?
Identity Manager
We confirmed in our code branches that IDM does not use this particular method. There is no impact to IDM from this vulnerability.
For IM 14.5.x
Provisioning Server - the libcurl.dll/libcurl.so version 7.53.1 found under the Provisioning Server installation is required but, as mentioned above, is not impacted by the vulnerability. No further work by Engineering is planned.
Remote C++ Connector Server - the libcurl.dll version 7.53.1 found under the remote C++ Connector Server is not required and can be removed/renamed. No further work by Engineering is planned.
For IM 15
Provisioning Server - the libcurl.dll/libcurl.so found under the Provisioning Server installation is required and has been updated to version 8.14.1. No further work by Engineering is planned.
Remote C++ Connector Server - the libcurl.dll version 7.53.1 found under the remote C++ Connector Server is not required and can be removed/renamed. Engineering will decide whether this copy should also be updated to version 8.14.1 or simply removed from the package.
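The exposure condition above (a curl_easy_getinfo() call that passes CURLINFO_CERTINFO) can be checked in your own C/C++ sources with a scan like the following. This is an added example, not the vendor's or the curl project's code; the helper names, the file extensions and the sample source are assumptions constructed for illustration.

```python
import re
from pathlib import Path

# String/char literals and comments are blanked (newlines kept) so that quoted
# or commented-out text never matches and reported line numbers stay correct.
NON_CODE = re.compile(
    r'"(?:\\.|[^"\\\n])*"|\'(?:\\.|[^\'\\\n])*\'|//[^\n]*|/\*.*?\*/', re.S)
CALL = re.compile(r"\bcurl_easy_getinfo\s*\(")
OPTION = re.compile(r"\bCURLINFO_CERTINFO\b")
SOURCE_EXTS = {".c", ".cc", ".cpp", ".cxx", ".h", ".hpp"}  # assumed file types

def call_args(text, start):
    """Return the argument text of a call; start is the index just after '('."""
    depth, i = 1, start
    while i < len(text) and depth:
        depth += {"(": 1, ")": -1}.get(text[i], 0)
        i += 1
    return text[start:i - 1]

def find_certinfo_calls(source):
    """1-based line numbers of curl_easy_getinfo() calls passing CURLINFO_CERTINFO."""
    text = NON_CODE.sub(lambda m: re.sub(r"[^\n]", " ", m.group(0)), source)
    return [text.count("\n", 0, m.start()) + 1
            for m in CALL.finditer(text)
            if OPTION.search(call_args(text, m.end()))]

def scan_tree(root):
    """Map each C/C++ file under root that has a matching call to its line numbers."""
    found = {}
    for path in Path(root).rglob("*"):
        if path.is_file() and path.suffix.lower() in SOURCE_EXTS:
            lines = find_certinfo_calls(path.read_text(errors="replace"))
            if lines:
                found[str(path)] = lines
    return found

# Constructed sample source, not taken from any product.
SAMPLE = '''#include <curl/curl.h>
/* curl_easy_getinfo(h, CURLINFO_CERTINFO, &ci); disabled */
void probe(CURL *h) {
    long code; struct curl_certinfo *ci;
    curl_easy_setopt(h, CURLOPT_URL, "https://example.test/"); curl_easy_getinfo(h, CURLINFO_RESPONSE_CODE, &code);
    curl_easy_getinfo(h,
                      CURLINFO_CERTINFO, &ci);
}
'''

if __name__ == "__main__":
    print(find_certinfo_calls(SAMPLE))
```

A call that receives the option through a variable, macro or wrapper function is not detected by this text match, so an empty result narrows the review rather than replacing it.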