2023: Security Advisory: CURL/LibCURL Vulnerabilities

Owned by Jason Apel, created
Last updated: Nov 15, 2023
1 min read

Summary

Curl/LibCurl Vulnerabilities multiple vulnerabilities reported.

Advisory release date

Oct 11, 2023

Product

  • uniFLOW Online

  • uniFLOW Server

  • sysHub

  • Internal Customer Hosted Services

CVE

CVE-2023-38545
CVE-2023-38546
CVE-2023-38039

Severity

The severity varies based on the below vulnerabilities.

  • CVE-2023-38545: HIGH

  • CVE-2023-38546: MEDIUM

  • CVE-2023-38039: LOW

Summary of Vulnerability

CURL libraries are used extensively in web development for almost 25 years. There are many versions and libraries with these vulnerabilities only impacted a subset of this.

Impact

NT-ware IT Operations and the Development teams have reviewed our products and services and concluded that we are not impacted by these CVE’s as we are either not using the library directly or are on a patched version.