Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2022-22396

Credentials are printed in clear text in the IBM Spectrum Protect Plus 10.1.0.0 through 10.1.9.3 virgo log file in certain cases. Credentials could be the remote vSnap, offload targets, or VADP credentials depending on the operation performed. Credentials that are using API key or certificate are not printed. IBM X-Force ID: 222231.

Published

2022-06-06T19:15:09.547

Last Modified

2024-11-21T06:46:45.043

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 7.5 (HIGH)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE

Exploitability Score

10.0

Impact Score

2.9

Weaknesses

Type: Primary
CWE-522

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	ibm	spectrum_protect_plus	< 10.1.10	Yes
Application	linux	linux_kernel	-	No

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/222231 VDB Entry, Vendor Advisory ([email protected])
https://www.ibm.com/support/pages/node/6591505 Vendor Advisory ([email protected])
https://exchange.xforce.ibmcloud.com/vulnerabilities/222231 VDB Entry, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.ibm.com/support/pages/node/6591505 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)