Lucene search

IbmCVELIST:CVE-2022-30610

HistoryJun 10, 2022 - 4:00 p.m.

CVE-2022-30610

2022-06-1016:00:24

ibm

www.cve.org

ibm spectrum copy data management

reverse tabnabbing

vulnerability

CVSS3

4.4

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C

AI Score

4.7

Confidence

High

EPSS

0.001

Percentile

19.6%

JSON

IBM Spectrum Copy Data Management 2.2.0.0 through 2.2.15.0 is vulnerable to reverse tabnabbing where it could allow a page linked to from within IBM Spectrum Copy Data Management to rewrite it. An administrator could enter a link to a malicious URL that another administrator could then click. Once clicked, that malicious URL could then rewrite the original page with a phishing page. IBM X-Force ID: 227363.

CNA Affected

[
  {
    "product": "Spectrum Copy Data Management",
    "vendor": "IBM",
    "versions": [
      {
        "status": "affected",
        "version": "2.2.0.0"
      },
      {
        "status": "affected",
        "version": "2.2.15.0"
      }
    ]
  }
]

References

exchange.xforce.ibmcloud.com/vulnerabilities/227363

www.ibm.com/support/pages/node/6593721

CVSS3

4.4

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C

AI Score

4.7

Confidence

High

EPSS

0.001

Percentile

19.6%

JSON

Related for CVELIST:CVE-2022-30610