Multiple vulnerabilities in IBM Rational ClearCase



Risk Medium
Patch available YES
Number of vulnerabilities 6
CVE-ID CVE-2022-27778
CVE-2022-27779
CVE-2022-27780
CVE-2022-27782
CVE-2022-30115
CVE-2022-27774
CWE-ID CWE-664
CWE-200
CWE-20
CWE-303
CWE-319
Exploitation vector Network
Public exploit N/A
Vulnerable software
 IBM Rational ClearCase
Server applications / Other server solutions

Vendor IBM Corporation

Security Bulletin

This security bulletin contains information about 6 vulnerabilities.

1) Improper control of a resource through its lifetime

EUVDB-ID: #VU63004

Risk: Low

CVSSv4.0: 0.2 [CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-27778

CWE-ID: CWE-664 - Improper control of a resource through its lifetime

Exploit availability: No

Description

The vulnerability allows a remote attacker to delete files on the system.

The vulnerability exists in the curl command line tool when --no-clobber is used together with --remove-on-error. A remote attacker can trick the victim to connect to a malicious server and force the command line tool to remove unexpected files.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Rational ClearCase: 8.0.0 - 9.1

CPE2.3 External links

https://www.ibm.com/support/pages/node/6606577


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Information disclosure

EUVDB-ID: #VU63005

Risk: Low

CVSSv4.0: 1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-27779

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to libcurl wrongly allows HTTP cookies to be set for Top Level Domains (TLDs) if the host name is provided with a trailing dot. As a result, an attacker can create cookie files that are later sent to a different and unrelated site or domain.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Rational ClearCase: 8.0.0 - 9.1

CPE2.3 External links

https://www.ibm.com/support/pages/node/6606577


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Input validation error

EUVDB-ID: #VU63007

Risk: Low

CVSSv4.0: 1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-27780

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass filters and checks.

The vulnerability exists due to the curl URL parser wrongly accepts percent-encoded URL separators like '/' when decoding the host name part of a URL, making it a different URL using the wrong host name when it is later retrieved. For example, the URL like http://example.com%2F10.0.0.1/, would be allowed by the parser and get transposed into http://example.com/10.0.0.1/.

A remote attacker can bypass various internal filters and checks and force the curl to connect to a wrong web application.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Rational ClearCase: 8.0.0 - 9.1

CPE2.3 External links

https://www.ibm.com/support/pages/node/6606577


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Incorrect Implementation of Authentication Algorithm

EUVDB-ID: #VU63009

Risk: Medium

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2022-27782

CWE-ID: CWE-303 - Incorrect Implementation of Authentication Algorithm

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to the way libcurl handles previously used connections in a connection pool for subsequent transfers. Several TLS and SSH settings were left out from the configuration match checks, resulting in erroneous matches for different resources. As a result, libcurl can send authentication string from one resource to another, exposing credentials to a third-party.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Rational ClearCase: 8.0.0 - 9.1

CPE2.3 External links

https://www.ibm.com/support/pages/node/6606577


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Cleartext transmission of sensitive information

EUVDB-ID: #VU63011

Risk: Low

CVSSv4.0: 1.3 [CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-30115

CWE-ID: CWE-319 - Cleartext Transmission of Sensitive Information

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to an error in HSTS implementation that can allow curl to continue using HTTP protocol instead of HTTPS if the host name in the given URL used a trailing dot while not using one when it built the HSTS cache. A remote attacker with ability to intercept traffic can obtain potentially sensitive information.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Rational ClearCase: 8.0.0 - 9.1

CPE2.3 External links

https://www.ibm.com/support/pages/node/6606577


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Information disclosure

EUVDB-ID: #VU62641

Risk: Medium

CVSSv4.0: 4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2022-27774

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to curl attempts to follow redirects during authentication process and does not consider different port numbers or protocols to be separate authentication targets. If the web application performs redirection to a different port number of protocol, cURL will allow such redirection and will pass credentials. It could also leak the TLS SRP credentials this way.

By default, curl only allows redirects to HTTP(S) and FTP(S), but can be asked to allow redirects to all protocols curl supports.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Rational ClearCase: 8.0.0 - 9.1

CPE2.3 External links

https://www.ibm.com/support/pages/node/6606577


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###