SUSE Security Vulnerability | CVE: CVE-2023-38546
Article Number
Applies To
RSA Product/Service Type: Authentication Manager
RSA Version/Conditions: 8.7 SP2
CVE Identifier(s)
Article Summary
CVE: CVE-2023-38546:
- The version of libcurl installed on the remote host is affected by a cookie injection vulnerability. This flaw allows an attacker to insert cookies at will into a running program using libcurl, if a specific series of conditions is met.
- Current AM version: libcurl4-7.66.0-150200.4.57.1
- SUSE score: 4.5
- https://www.suse.com/security/cve/CVE-2023-38546.html
- SUSE Linux Enterprise Server 15 SP3 and LTSS are affected. There is no update available in the SUSE repo yet.
Resolution
- SUSE has not released a fix for this issue. RSA is waiting for a fix from SUSE, and we have no workaround except waiting for that fix.