cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Security Advisory: Revenera's Product Assessment and Response to cURL Vulnerabilities CVE-2023-38545 and CVE-2023-38546

cvirata
Revenera Community Admin Revenera Community Admin
Revenera Community Admin
3 3 2,181

(Latest Update 2023-Nov-17 17:47 CDT)

The cURL 8.4.0 patch has been released and we're continuing to assess Revenera product impact and if any remediation work is required.

If you need to patch cURL on your own servers or environment, the patch files are available at https://curl.se/download.html.

Revenera Product Assessment

Product cURL present in Product Present in Product Version or Component Mitigation / Fixed Version Notes
Installation
InstallAnywhere No None NA  
InstallShield Yes 2023 R1 2023 R2 Updated impacted sub-module in latest release.

Download remediated versions from Product and License Center
 
Software Composition Analysis
Code Insight No None NA  
SBOM Insights No None NA  
 
Software Monetization
Cloud Licensing (CLS) No None NA  
Compliance Intelligence (RCI) No None NA  
FlexNet Embedded - License Server Manager (FLSM) No None NA  
FlexNet Embedded - Local License Server (LLS) No None NA  
FlexNet Embedded SDK Yes

C-XT: All versions

Non C-XT: Versions prior 2023.09

C-XT: FlexNet Embedded 2023.09.1

Non C-XT: FlexNet Embedded 2023.09

Download remediated versions from Product and License Center
FlexNet Operations - ALM No None NA  
FlexNet Operations - LLM No None NA  
FlexNet Operations On-Premise No None NA  
FlexNet Publisher No None NA  
Usage Intelligence (RUI) No None NA  

 

The information on this page reflects:

  • The assessed status of all versions of Revenera’s products that are still supported (that is, they have not yet reached their End of Life). Product lifecycle dates can be found at https://docs.revenera.com/eol/default.htm.

Related Information

Change Log

  • 2023-12-7 13:11 CDT: Published final product assessment.
  • 2023-10-10 13:03 CDT: Initial advisory posted.
  • 2023-10-11 18:07 CDT: Update regarding cURL 8.4.0 patch and ongoing product assessment.
  • 2023-10-12 11:13 CDT: Published initial product assessment.
  • 2023-10-18 13:38 CDT: Updated assessment for FlexNet Embedded LLS and Usage Intelligence products to not affected.
  • 2023-10-26 09:55 CDT: Updated assessment for FlexNet Operations Cloud ALM to not affected.
  • 2023-11-17 17:47 CDT: Updated product assessment for FlexNet Embedded. 

Initial Advisory (posted on Oct 10, 2023 11:03 AM)

We are aware of the recent cURL security vulnerabilities (CVE-2023-38545 and CVE-2023-38546) and are assessing which of our products may be impacted.

Once specific details regarding the impacted versions of cURL are released on October 11th, we will reconcile that with our analysis and provide further updates on any necessary remediation work. Please subscribe to this page to be notified of subsequent updates.

Thank you for your patience.

Tags (1)
(3) Comments