Lucene search

IbmCVELIST:CVE-2022-22487

HistoryJun 30, 2022 - 4:25 p.m.

CVE-2022-22487

2022-06-3016:25:26

ibm

www.cve.org

ibm spectrum protect

brute force attack

unauthorized access

x-force id

CVSS3

5.9

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C

AI Score

9.3

Confidence

High

EPSS

0.002

Percentile

64.8%

JSON

An IBM Spectrum Protect storage agent could allow a remote attacker to perform a brute force attack by allowing unlimited attempts to login to the storage agent without locking the administrative ID. A remote attacker could exploit this vulnerability using brute force techniques to gain unauthorized administrative access to both the IBM Spectrum Protect storage agent and the IBM Spectrum Protect Server 8.1.0.000 through 8.1.14 with which it communicates. IBM X-Force ID: 226326.

CNA Affected

[
  {
    "product": "Spectrum Protect Server",
    "vendor": "IBM",
    "versions": [
      {
        "status": "affected",
        "version": "8.1.0.000"
      },
      {
        "status": "affected",
        "version": "8.1.14"
      }
    ]
  }
]

References

exchange.xforce.ibmcloud.com/vulnerabilities/226326

www.ibm.com/support/pages/node/6596881

CVSS3

5.9

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C

AI Score

9.3

Confidence

High

EPSS

0.002

Percentile

64.8%

JSON

Related for CVELIST:CVE-2022-22487