- Revenera Community
- :
- Revenera Company
- :
- Revenera Company News
- :
- Security Advisory: Revenera's Product Assessment and Response to cURL Vulnerabilities CVE-2023-38545...
Security Advisory: Revenera's Product Assessment and Response to cURL Vulnerabilities CVE-2023-38545 and CVE-2023-38546
- Mark as New
- Mark as Read
- Subscribe
- Printer Friendly Page
(Latest Update 2023-Nov-17 17:47 CDT)
The cURL 8.4.0 patch has been released and we're continuing to assess Revenera product impact and if any remediation work is required.
If you need to patch cURL on your own servers or environment, the patch files are available at https://curl.se/download.html.
Revenera Product Assessment
Product | cURL present in Product | Present in Product Version or Component | Mitigation / Fixed Version | Notes |
Installation | ||||
InstallAnywhere | No | None | NA | |
InstallShield | Yes | 2023 R1 | 2023 R2 | Updated impacted sub-module in latest release. Download remediated versions from Product and License Center |
Software Composition Analysis | ||||
Code Insight | No | None | NA | |
SBOM Insights | No | None | NA | |
Software Monetization | ||||
Cloud Licensing (CLS) | No | None | NA | |
Compliance Intelligence (RCI) | No | None | NA | |
FlexNet Embedded - License Server Manager (FLSM) | No | None | NA | |
FlexNet Embedded - Local License Server (LLS) | No | None | NA | |
FlexNet Embedded SDK | Yes |
C-XT: All versions Non C-XT: Versions prior 2023.09 |
C-XT: FlexNet Embedded 2023.09.1 Non C-XT: FlexNet Embedded 2023.09 |
Download remediated versions from Product and License Center |
FlexNet Operations - ALM | No | None | NA | |
FlexNet Operations - LLM | No | None | NA | |
FlexNet Operations On-Premise | No | None | NA | |
FlexNet Publisher | No | None | NA | |
Usage Intelligence (RUI) | No | None | NA |
The information on this page reflects:
- The assessed status of all versions of Revenera’s products that are still supported (that is, they have not yet reached their End of Life). Product lifecycle dates can be found at https://docs.revenera.com/eol/default.htm.
Related Information
- GitHub Announcement of cURL Vulnerabilities
- https://curl.se/docs/CVE-2023-38545.html
- https://curl.se/docs/CVE-2023-38546.html
Change Log
- 2023-12-7 13:11 CDT: Published final product assessment.
- 2023-10-10 13:03 CDT: Initial advisory posted.
- 2023-10-11 18:07 CDT: Update regarding cURL 8.4.0 patch and ongoing product assessment.
- 2023-10-12 11:13 CDT: Published initial product assessment.
- 2023-10-18 13:38 CDT: Updated assessment for FlexNet Embedded LLS and Usage Intelligence products to not affected.
- 2023-10-26 09:55 CDT: Updated assessment for FlexNet Operations Cloud ALM to not affected.
- 2023-11-17 17:47 CDT: Updated product assessment for FlexNet Embedded.
Initial Advisory (posted on Oct 10, 2023 11:03 AM)
We are aware of the recent cURL security vulnerabilities (CVE-2023-38545 and CVE-2023-38546) and are assessing which of our products may be impacted.
Once specific details regarding the impacted versions of cURL are released on October 11th, we will reconcile that with our analysis and provide further updates on any necessary remediation work. Please subscribe to this page to be notified of subsequent updates.
Thank you for your patience.