CA20220616-01: Security Notice for CA Clarity

Clarity PPM On Premise



16 June 2022





Issued: June 16th, 2022

CA Technologies, A Broadcom Company, is alerting customers to a vulnerability in CA Clarity. A vulnerability exists that can allow a remote attacker to access sensitive data. CA has published solutions to address this vulnerability and recommends that all affected customers implement these solutions.

The vulnerability, CVE-2022-33739, occurs due to insecure XML parsing. A remote attacker can potentially view the contents of any file on the system.

Risk Rating

CVE-2022-33739 - Medium



Affected Products

CA Clarity 15.8 and below
CA Clarity 15.9.0

Non-Affected Products

CA Clarity 15.8.1 and above
CA Clarity and above

How to determine if the installation is affected

Check the product version and hotfix level.


CA Technologies published the following solutions to address the vulnerabilities:

Upgrade to or later.

The latest release is Clarity 16.0.2.

How to determine if the fix is applied

Check the product version and hotfix level.


CVE-2022-33739 - CA Clarity XXE vulnerability


CVE-2022-33739 - Michał Skowron (ING Hubs Poland)

Change History

Version 1.0: 2022-06-16 - Initial Release

CA customers may receive product alerts and advisories by subscribing to Proactive Notifications.

Customers who require additional information about this notice may contact CA Technologies Support at

To report a suspected vulnerability in a CA Technologies product, please send a summary to the CA Technologies Product Vulnerability Response Team.
