CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
52.7%
The IBM Spectrum Protect Server, in certain instances, may not increment the number of invalid sign-on attempts from Operations Center. This could allow an attacker to use brute force techniques to gain access to the IBM Spectrum Protect Server.
CVEID:CVE-2022-22485
**DESCRIPTION:**In some cases, an unsuccessful attempt to log into IBM Spectrum Protect Operations Center does not cause the administratorβs invalid sign-on count to be incremented on the IBM Spectrum Protect Server. An attacker could exploit this vulnerability using brute force techniques to gain unauthorized administrative access to the IBM Spectrum Protect Server.
CVSS Base score: 5.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/226325 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)
Affected Product(s) | Version(s) |
---|---|
IBM Spectrum Protect Server | 8.1.0.000-8.1.14.000 |
IBM SpectrumProtect ServerAffected Versions
| Fixing Level|**APAR
**|Platform|**Link to Fix and Instructions
**
β|β|β|β|β
8.1.0.000-8.1.14.000| 8.1.14.100| IT40424| AIX
Linux
Windows|
<https://www.ibm.com/support/pages/node/6562367>
None
Vendor | Product | Version | CPE |
---|---|---|---|
ibm | spectrum_protect | 8.1 | cpe:2.3:a:ibm:spectrum_protect:8.1:*:*:*:*:*:*:* |
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
52.7%