Multiple vulnerabilities in IBM Spectrum Copy Data Management
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 6 |
| CVE-ID | CVE-2022-27782 CVE-2022-27774 CVE-2021-22947 CVE-2022-22576 CVE-2022-27776 CVE-2021-22946 |
| CWE-ID | CWE-303 CWE-200 CWE-345 CWE-287 CWE-319 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software |
IBM Spectrum Copy Data Management Server applications / Other server solutions |
| Vendor | IBM Corporation |
Security Bulletin
This security bulletin contains information about 6 vulnerabilities.
1) Incorrect Implementation of Authentication Algorithm
EUVDB-ID: #VU63009
Risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2022-27782
CWE-ID:
CWE-303 - Incorrect Implementation of Authentication Algorithm
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to the way libcurl handles previously used connections in a connection pool for subsequent transfers. Several TLS and SSH settings were left out from the configuration match checks, resulting in erroneous matches for different resources. As a result, libcurl can send authentication string from one resource to another, exposing credentials to a third-party.
Install update from vendor's website.
Vulnerable software versionsIBM Spectrum Copy Data Management: 2.2.0 - 2.2.16
CPE2.3- cpe:2.3:a:ibm_corporation:ibm_spectrum_copy_data_management:2.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_spectrum_copy_data_management:2.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_spectrum_copy_data_management:2.2.2:*:*:*:*:*:*:*
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-libcurl-may-affect-ibm-spectrum-copy-data-management-cve-2022-27782-cve-2022-27774-cve-2021-22947-cve-2022-22576-cve-2022-27776-cve-2021-22946/
https://www.ibm.com/support/pages/node/6620213
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Information disclosure
EUVDB-ID: #VU62641
Risk: Medium
CVSSv4.0: 4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2022-27774
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to curl attempts to follow redirects during authentication process and does not consider different port numbers or protocols to be separate authentication targets. If the web application performs redirection to a different port number of protocol, cURL will allow such redirection and will pass credentials. It could also leak the TLS SRP credentials this way.
By default, curl only allows redirects to HTTP(S) and FTP(S), but can be asked to allow redirects to all protocols curl supports.
MitigationInstall update from vendor's website.
Vulnerable software versionsIBM Spectrum Copy Data Management: 2.2.0 - 2.2.16
CPE2.3- cpe:2.3:a:ibm_corporation:ibm_spectrum_copy_data_management:2.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_spectrum_copy_data_management:2.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_spectrum_copy_data_management:2.2.2:*:*:*:*:*:*:*
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-libcurl-may-affect-ibm-spectrum-copy-data-management-cve-2022-27782-cve-2022-27774-cve-2021-22947-cve-2022-22576-cve-2022-27776-cve-2021-22946/
https://www.ibm.com/support/pages/node/6620213
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Insufficient verification of data authenticity
EUVDB-ID: #VU56615
Risk: Medium
CVSSv4.0: 4.2 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2021-22947
CWE-ID:
CWE-345 - Insufficient Verification of Data Authenticity
Exploit availability: No
Description
The vulnerability allows a remote attacker to perform MitM attack.
The vulnerability exists in the way libcurl handles the STARTTLS negotiation process. When curl connects to an IMAP, POP3, SMTP or FTP server to exchange data securely using STARTTLS to upgrade the connection to TLS level, the server can still respond and send back multiple responses before the TLS upgrade. Such multiple "pipelined" responses are cached by curl. curl would then upgrade to TLS but not flush the in-queue of cached responses and instead use and trust the responses it got before the TLS handshake as if they were authenticated.
Using this flaw, it allows a Man-In-The-Middle attacker to first inject the fake responses, then pass-through the TLS traffic from the legitimate server and trick curl into sending data back to the user thinking the attacker's injected data comes from the TLS-protected server.
Over POP3 and IMAP an attacker can inject fake response data.
Mitigation
Install update from vendor's website.
Vulnerable software versionsIBM Spectrum Copy Data Management: 2.2.0 - 2.2.16
CPE2.3- cpe:2.3:a:ibm_corporation:ibm_spectrum_copy_data_management:2.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_spectrum_copy_data_management:2.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_spectrum_copy_data_management:2.2.2:*:*:*:*:*:*:*
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-libcurl-may-affect-ibm-spectrum-copy-data-management-cve-2022-27782-cve-2022-27774-cve-2021-22947-cve-2022-22576-cve-2022-27776-cve-2021-22946/
https://www.ibm.com/support/pages/node/6620213
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Improper Authentication
EUVDB-ID: #VU62640
Risk: Medium
CVSSv4.0: 6.9 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2022-22576
CWE-ID:
CWE-287 - Improper Authentication
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to bypass authentication process.
The vulnerability exists due to an error when re-using OAUTH2 connections for SASL-enabled protocols, such as SMPTP(S), IMAP(S), POP3(S) and LDAP(S) (openldap only). libcurl may reuse OAUTH2-authenticated connections without properly making sure that the connection was authenticated with the same credentials as set for this transfer. As a result, a connection that is successfully created and authenticated with a user name + OAUTH2 bearer can subsequently be erroneously reused even for user + [other OAUTH2 bearer], even though that might not even be a valid bearer.
A remote attacker can exploit this vulnerability against applications intended for use in multi-user environments to bypass authentication and gain unauthorized access to victim's accounts.
Install update from vendor's website.
Vulnerable software versionsIBM Spectrum Copy Data Management: 2.2.0 - 2.2.16
CPE2.3- cpe:2.3:a:ibm_corporation:ibm_spectrum_copy_data_management:2.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_spectrum_copy_data_management:2.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_spectrum_copy_data_management:2.2.2:*:*:*:*:*:*:*
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-libcurl-may-affect-ibm-spectrum-copy-data-management-cve-2022-27782-cve-2022-27774-cve-2021-22947-cve-2022-22576-cve-2022-27776-cve-2021-22946/
https://www.ibm.com/support/pages/node/6620213
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Information disclosure
EUVDB-ID: #VU62644
Risk: Low
CVSSv4.0: 1.7 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-27776
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to curl can leak authentication or cookie header data during HTTP redirects to the same host but another port number. When asked to send custom headers or cookies in its HTTP requests, curl sends that set of headers only to the host which name is used in the initial URL, so that redirects to other hosts will make curl send the data to those. However, due to a flawed check, curl wrongly also sends that same set of headers to the hosts that are identical to the first one but use a different port number or URL scheme.
The vulnerability exists due to an incomplete fix for #VU10224 (CVE-2018-1000007).
MitigationInstall update from vendor's website.
Vulnerable software versionsIBM Spectrum Copy Data Management: 2.2.0 - 2.2.16
CPE2.3- cpe:2.3:a:ibm_corporation:ibm_spectrum_copy_data_management:2.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_spectrum_copy_data_management:2.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_spectrum_copy_data_management:2.2.2:*:*:*:*:*:*:*
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-libcurl-may-affect-ibm-spectrum-copy-data-management-cve-2022-27782-cve-2022-27774-cve-2021-22947-cve-2022-22576-cve-2022-27776-cve-2021-22946/
https://www.ibm.com/support/pages/node/6620213
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Cleartext transmission of sensitive information
EUVDB-ID: #VU56613
Risk: Medium
CVSSv4.0: 4.2 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2021-22946
CWE-ID:
CWE-319 - Cleartext Transmission of Sensitive Information
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to an error, related to incorrect enforcement of the --ssl-reqd option on the command line or CURLOPT_USE_SSL setting set to CURLUSESSL_CONTROL or CURLUSESSL_ALL with libcurl. A remote attacker with control over the IMAP, POP3 or FTP server can send a specially crafted but perfectly legitimate response to the libcurl client and force it silently to continue its operations without TLS encryption and transmit data in clear text over the network.
Install update from vendor's website.
Vulnerable software versionsIBM Spectrum Copy Data Management: 2.2.0 - 2.2.16
CPE2.3- cpe:2.3:a:ibm_corporation:ibm_spectrum_copy_data_management:2.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_spectrum_copy_data_management:2.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_spectrum_copy_data_management:2.2.2:*:*:*:*:*:*:*
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-libcurl-may-affect-ibm-spectrum-copy-data-management-cve-2022-27782-cve-2022-27774-cve-2021-22947-cve-2022-22576-cve-2022-27776-cve-2021-22946/
https://www.ibm.com/support/pages/node/6620213
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
