SUSE Security Vulnerability | CVE: CVE-2023-38546
Article Number
Applies To
RSA Product/Service Type: Authentication Manager
RSA Version/Conditions: 8.7 SP2
CVE Identifier(s)
Article Summary
CVE: CVE-2023-38546:
- The version of libcurl installed on the remote host is affected by a cookie injection vulnerability. This flaw allows an attacker to insert cookies at will into a running program that uses libcurl, if a specific series of conditions is met.
- Current AM version: libcurl4-7.66.0-150200.4.57.1
- SUSE score: 4.5
- https://www.suse.com/security/cve/CVE-2023-38546.html
- SUSE Linux Enterprise Server 15 SP3 and LTSS are affected. There is no update available in the SUSE repo yet.
Resolution
- SUSE Linux Enterprise Server 15 SP3 and LTSS are affected. There is no update available in the SUSE repo yet.
- SUSE has not released a fix for this issue. RSA is waiting for a fix from SUSE, and there is no workaround other than waiting for that fix.