Headline
CVE-2022-33739: Support Content Notification - Support Portal - Broadcom support portal
CA Clarity 15.8 and below and 15.9.0 contain an insecure XML parsing vulnerability that could allow a remote attacker to potentially view the contents of any file on the system.
CA20220616-01: Security Notice for CA Clarity
CA20220616-01: Security Notice for CA Clarity
Issued: June 16th, 2022
CA Technologies, A Broadcom Company, is alerting customers to a vulnerability in CA Clarity. A vulnerability exists that can allow a remote attacker to access sensitive data. CA has published solutions to address this vulnerability and recommends that all affected customers implement these solutions.
The vulnerability, CVE-2022-33739, occurs due to insecure XML parsing. A remote attacker can potentially view the contents of any file on the system.
Risk Rating
CVE-2022-33739 - Medium
Platform(s)
All
Affected Products
CA Clarity 15.8 and below
CA Clarity 15.9.0
Non-Affected Products
CA Clarity 15.8.1 and above
CA Clarity 15.9.0.1 and above
How to determine if the installation is affected
Check the product version and hotfix level.
https://knowledge.broadcom.com/external/article/190147/how-to-determine-the-current-version-of.html
Solution
CA Technologies published the following solutions to address the vulnerabilities:
Upgrade to 15.9.0.1 or later.
The latest release is Clarity 16.0.2.
How to determine if the fix is applied
Check the product version and hotfix level.
https://knowledge.broadcom.com/external/article/190147/how-to-determine-the-current-version-of.html
References
CVE-2022-33739 - CA Clarity XXE vulnerability
Acknowledgement
CVE-2022-33739 - Michał Skowron (ING Hubs Poland)
Change History
Version 1.0: 2022-06-16 - Initial Release
CA customers may receive product alerts and advisories by subscribing to Proactive Notifications.
Customers who require additional information about this notice may contact CA Technologies Support at https://support.broadcom.com/.
To report a suspected vulnerability in a CA Technologies product, please send a summary to the CA Technologies Product Vulnerability Response Team.
Copyright © 2022 Broadcom. All Rights Reserved. The term “Broadcom” refers to Broadcom Inc. and/or its subsidiaries. Broadcom, the pulse logo, Connecting everything, CA Technologies and the CA technologies logo are among the trademarks of Broadcom. All trademarks, trade names, service marks and logos referenced herein belong to their respective companies.