Security Bulletin: IBM MaaS360 Cloud Extender Agent and Base Module use libcurl with multiple known vulnerabilities

Summary

Vulnerabilities contained within libcurl (a 3rd party component) were identified and remediated in the IBM MaaS360 Cloud Extender Agent and Base Module.

Vulnerability Details

CVEID:CVE-2022-27780
**DESCRIPTION:**cURL libcurl could allow a remote attacker to bypass security restrictions, caused by a flaw that wrongly accepts percent-encoded URL separators like ‘/’ by the URL parser. By sending a specially-crafted host name in a URL, an attacker could exploit this vulnerability to bypass filters and checks for URL.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/226250 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)

CVEID:CVE-2022-27781
**DESCRIPTION:**cURL libcurl is vulnerable to a denial of service, caused by a flaw in the the CURLOPT_CERTINFO option. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to cause a never ending busy-loop when trying to retrieve certificate chain information.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/226251 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)

CVEID:CVE-2022-27778
**DESCRIPTION:**An unspecified error with removing wrong file when --no-clobber is used together with --remove-on-error option in cURL libcurl has an unknown impact and attack vector.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/226248 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)

CVEID:CVE-2022-27782
**DESCRIPTION:**cURL libcurl could allow a remote attacker to bypass security restrictions, caused by an easy connection reuse flaw for TLS and SSH. By sending a specially-crafted request using the connections in a connection pool, an attacker could exploit this vulnerability to bypass access restrictions.
CVSS Base score: 9.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/226252 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

CVEID:CVE-2022-30115
**DESCRIPTION:**cURL libcurl could allow a remote attacker to obtain sensitive information, caused by a HSTS check bypass flaw. By sending a specially-crafted request using a host name in the an URL with a trailing dot, an attacker could exploit this vulnerability to obtain sensitive information over clear-text HTTP, and use this information to launch further attacks against the affected system.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/226253 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)

CVEID:CVE-2022-27779
**DESCRIPTION:**cURL libcurl could allow a remote attacker to bypass security restrictions, caused by a flaw that wrongly allows HTTP cookies to be set for Top Level Domains (TLDs). By using a specially-crafted host name with a trailing dot, an attacker could exploit this vulnerability to allow arbitrary sites to set cookies that would get sent to a different and unrelated site or domain.
CVSS Base score: 9.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/226249 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N)

CVEID:CVE-2022-27776
**DESCRIPTION:**cURL libcurl could allow a remote attacker to obtain sensitive information, caused by a flaw when asked to send custom headers or cookies in its HTTP requests. By sending a specially-crafted request, an attacker could exploit this vulnerability to obtain authentication or cookie header data information, and use this information to launch further attacks against the affected system.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/225296 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)

CVEID:CVE-2022-27775
**DESCRIPTION:**cURL libcurl could allow a remote attacker to obtain sensitive information, caused by a logic error in the config matching function. By sending a specially-crafted request using IPv6, an attacker could exploit this vulnerability to cause libcurl to reuse the wrong connection to obtain sensitive information, and use this information to launch further attacks against the affected system.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/225295 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)

CVEID:CVE-2022-27774
**DESCRIPTION:**cURL libcurl could allow a remote attacker to obtain sensitive information, caused by a flaw in the “same host check” feature during a cross protocol redirects. By sending a specially-crafted request, an attacker could exploit this vulnerability to obtain credentials information, and use this information to launch further attacks against the affected system.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/225294 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)

Affected Products and Versions

Remediation/Fixes

IBM strongly recommends customers to update their systems promptly.

• Update the IBM MaaS360 Cloud Extender to version 2.106.600.007 or greater.
• Apply the IBM Base Module to version 2.106.600 or greater

The latest Cloud Extender Agent is available within the MaaS360 Administrator Portal.

Instructions to upgrade the Agent and modules are located on this IBM Documentation page.

Workarounds and Mitigations

None