CVE-2022-33739 - OpenCVE

CA Clarity 15.8 and below and 15.9.0 contain an insecure XML parsing vulnerability that could allow a remote attacker to potentially view the contents of any file on the system.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:L/Au:N/C:P/I:N/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Broadcom	Ca Clarity

Configuration 1 [-]

OR	cpe:2.3:a:broadcom:ca_clarity::::::::
	cpe:2.3:a:broadcom:ca_clarity:15.9.0:::::::*

No data.

References

Link	Providers
https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/20645

History

No history.

MITRE

Status: PUBLISHED

Assigner: ca

Published: 2022-06-16T21:25:45

Updated: 2024-08-03T08:09:22.687Z

Reserved: 2022-06-15T00:00:00

Link: CVE-2022-33739

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2022-06-16T22:15:08.027

Modified: 2022-06-28T15:14:51.497

Link: CVE-2022-33739

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "CA Clarity", "vendor": "n/a", "versions": [{"status": "affected", "version": "15.8 and below, 15.9.0"}]}], "descriptions": [{"lang": "en", "value": "CA Clarity 15.8 and below and 15.9.0 contain an insecure XML parsing vulnerability that could allow a remote attacker to potentially view the contents of any file on the system."}], "problemTypes": [{"descriptions": [{"description": "insecure XML parsing", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2022-06-16T21:25:45", "orgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f", "shortName": "ca"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/20645"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "vuln@ca.com", "ID": "CVE-2022-33739", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "CA Clarity", "version": {"version_data": [{"version_value": "15.8 and below, 15.9.0"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "CA Clarity 15.8 and below and 15.9.0 contain an insecure XML parsing vulnerability that could allow a remote attacker to potentially view the contents of any file on the system."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "insecure XML parsing"}]}]}, "references": {"reference_data": [{"name": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/20645", "refsource": "MISC", "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/20645"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T08:09:22.687Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/20645"}]}]}, "cveMetadata": {"assignerOrgId": "e291eae9-7c0a-46ac-ba7d-5251811f8b7f", "assignerShortName": "ca", "cveId": "CVE-2022-33739", "datePublished": "2022-06-16T21:25:45", "dateReserved": "2022-06-15T00:00:00", "dateUpdated": "2024-08-03T08:09:22.687Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:broadcom:ca_clarity:*:*:*:*:*:*:*:*", "matchCriteriaId": "77D285A6-81CF-4787-BAD8-748379103E27", "versionEndIncluding": "15.8", "vulnerable": true}, {"criteria": "cpe:2.3:a:broadcom:ca_clarity:15.9.0:*:*:*:*:*:*:*", "matchCriteriaId": "BF0931F9-F4FA-4313-9A3B-EC9C2A21BD1B", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "CA Clarity 15.8 and below and 15.9.0 contain an insecure XML parsing vulnerability that could allow a remote attacker to potentially view the contents of any file on the system."}, {"lang": "es", "value": "CA Clarity versiones 15.8 y anteriores y 15.9.0, contienen una vulnerabilidad de an\u00e1lisis XML no seguro que podr\u00eda permitir a un atacante remoto visualizar potencialmente el contenido de cualquier archivo del sistema"}], "id": "CVE-2022-33739", "lastModified": "2022-06-28T15:14:51.497", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-06-16T22:15:08.027", "references": [{"source": "vuln@ca.com", "tags": ["Vendor Advisory"], "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/20645"}], "sourceIdentifier": "vuln@ca.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-91"}], "source": "nvd@nist.gov", "type": "Primary"}]}