Lucene search

IbmCVELIST:CVE-2022-22396

HistoryJun 06, 2022 - 4:30 p.m.

CVE-2022-22396

2022-06-0616:30:14

ibm

www.cve.org

clear text

ibm spectrum protect plus

credentials

10.1.0.0 - 10.1.9.3

CVSS3

6.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C

AI Score

7.4

Confidence

High

EPSS

0.001

Percentile

35.4%

JSON

Credentials are printed in clear text in the IBM Spectrum Protect Plus 10.1.0.0 through 10.1.9.3 virgo log file in certain cases. Credentials could be the remote vSnap, offload targets, or VADP credentials depending on the operation performed. Credentials that are using API key or certificate are not printed. IBM X-Force ID: 222231.

CNA Affected

[
  {
    "product": "Spectrum Protect Plus",
    "vendor": "IBM",
    "versions": [
      {
        "status": "affected",
        "version": "10.1.0.0"
      },
      {
        "status": "affected",
        "version": "10.1.9.3"
      }
    ]
  }
]

References

exchange.xforce.ibmcloud.com/vulnerabilities/222231

www.ibm.com/support/pages/node/6591505

CVSS3

6.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C

AI Score

7.4

Confidence

High

EPSS

0.001

Percentile

35.4%

JSON

Related for CVELIST:CVE-2022-22396