SB2022110708 - Improper authentication in IBM App Connect Enterprise Certified Container
Published: November 7, 2022
Description
This security bulletin contains information about 1 security vulnerability.
1) Improper Authentication (CVE-ID: CVE-2022-22576)
The vulnerability allows a remote attacker to bypass the authentication process.
The vulnerability exists due to an error when re-using OAUTH2 connections for SASL-enabled protocols, such as SMTP(S), IMAP(S), POP3(S) and LDAP(S) (openldap only). libcurl may reuse OAUTH2-authenticated connections without properly making sure that the connection was authenticated with the same credentials as set for this transfer. As a result, a connection that is successfully created and authenticated with a user name + OAUTH2 bearer can subsequently be erroneously reused even for user + [other OAUTH2 bearer], even though that might not even be a valid bearer.
A remote attacker can exploit this vulnerability against applications intended for use in multi-user environments to bypass authentication and gain unauthorized access to victims' accounts.
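As an added illustration that is not part of this bulletin and not libcurl code, the Python model below shows the reuse check the description refers to: the flawed pool matches a cached connection on host, port and user name only, so a transfer carrying a different (possibly invalid) bearer silently rides on a connection authenticated with another bearer, while the fixed pool also requires the bearer to be identical. The pool, the Connection type and the sample host and token values are assumptions constructed for this example.

```python
# Constructed model of the connection-reuse defect behind CVE-2022-22576.
# Not libcurl code: the pool, Connection type and both matching policies
# are assumptions made for illustration only.
from dataclasses import dataclass
from typing import List, Tuple


@dataclass(frozen=True)
class Connection:
    host: str
    port: int
    user: str
    bearer: str  # OAUTH2 bearer this connection was actually authenticated with


class ConnectionPool:
    """Keeps authenticated SASL connections (SMTP/IMAP/POP3/LDAP) for reuse."""

    def __init__(self, match_bearer: bool) -> None:
        # match_bearer=False models the flawed check: host + port + user only.
        # match_bearer=True models the fix: the bearer must be identical too.
        self.match_bearer = match_bearer
        self._live: List[Connection] = []

    def _matches(self, c: Connection, host: str, port: int, user: str, bearer: str) -> bool:
        if (c.host, c.port, c.user) != (host, port, user):
            return False
        return c.bearer == bearer if self.match_bearer else True

    def acquire(self, host: str, port: int, user: str, bearer: str) -> Tuple[Connection, bool]:
        """Return (connection, reused). A fresh connection is authenticated with the given bearer."""
        for c in self._live:
            if self._matches(c, host, port, user, bearer):
                return c, True
        c = Connection(host, port, user, bearer)
        self._live.append(c)
        return c, False


def bearer_confusion(match_bearer: bool) -> bool:
    """True if a transfer with a different bearer lands on a connection that was
    authenticated with another bearer (constructed sample host and tokens)."""
    pool = ConnectionPool(match_bearer)
    pool.acquire("imap.example.test", 993, "alice", "BEARER-A-valid")
    # Second transfer: same user name, different (and possibly invalid) bearer.
    second, reused = pool.acquire("imap.example.test", 993, "alice", "BEARER-B-bogus")
    return reused and second.bearer != "BEARER-B-bogus"
```

The defensive takeaway is that the reuse key must include every credential the connection was authenticated with, not just the user name.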
Remediation
Install update from vendor's website.
References
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-app-connect-enterprise-certified-container-operands-may-be-vulnerable-to-bypassing-access-restrictions-due-to-cve-2022-22576/
- https://www.ibm.com/support/pages/node/6837309