CVE-2022-22485

Description

In some cases, an unsuccessful attempt to log into IBM Spectrum Protect Operations Center 8.1.0.000 through 8.1.14.000 does not cause the administrator's invalid sign-on count to be incremented on the IBM Spectrum Protect Server. An attacker could exploit this vulnerability using brute force techniques to gain unauthorized administrative access to the IBM Spectrum Protect Server. IBM X-Force ID: 226325.

Related CPE's

aibmspectrum_protect_operations_center********

omicrosoftwindows-*******

olinuxlinux_kernel-*******

oibmaix-*******

References

ibm-spectrum-cve202222485-info-disc (226325)

VDB EntryVendor Advisory

https://www.ibm.com/support/pages/node/6595655

PatchVendor Advisory

CvssV3 impact

Could not find any metrics

CvssV2 impact

AccessComplexity

LOW

ConfidentialityImpact

PARTIAL

AvailabilityImpact

PARTIAL

IntegrityImpact

PARTIAL

BaseScore

7.5

VectorString

AV:N/AC:L/Au:N/C:P/I:P/A:P

Version

2.0

AccessVector

NETWORK

Authentication

NONE

Created by Yello
About Severity.io