Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2022-22487

An IBM Spectrum Protect storage agent could allow a remote attacker to perform a brute force attack by allowing unlimited attempts to login to the storage agent without locking the administrative ID. A remote attacker could exploit this vulnerability using brute force techniques to gain unauthorized administrative access to both the IBM Spectrum Protect storage agent and the IBM Spectrum Protect Server 8.1.0.000 through 8.1.14 with which it communicates. IBM X-Force ID: 226326.

Published

2022-06-30T17:15:07.840

Last Modified

2024-11-21T06:46:53.290

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 9.8 (CRITICAL)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE

Exploitability Score

10.0

Impact Score

2.9

Weaknesses

Type: Primary
CWE-307

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	ibm	spectrum_protect_server	≤ 8.1.14	Yes
Operating System	ibm	aix	-	No
Operating System	linux	linux_kernel	-	No
Operating System	microsoft	windows	-	No

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/226326 VDB Entry, Vendor Advisory ([email protected])
https://www.ibm.com/support/pages/node/6596881 Patch, Vendor Advisory ([email protected])
https://exchange.xforce.ibmcloud.com/vulnerabilities/226326 VDB Entry, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.ibm.com/support/pages/node/6596881 Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)