Security Bulletin: IBM Spectrum Protect Plus Container Backup and Restore for Kubernetes and Red Hat OpenShift vulnerable to login security bypass (CVE-2022-22472)

Summary

BM Spectrum Protect Plus Container Backup and Restore for Kubernetes and Red Hat OpenShift is vulnerable to login security being bypassed which can result in gaining unauthorized access to the IBM Spectrum Protect Plus Server.

Vulnerability Details

CVEID:CVE-2022-22472
**DESCRIPTION:**IBM Spectrum Protect Plus Container Backup and Restore could allow a remote attacker to bypass IBM Spectrum Protect Plus role based access control restrictions, caused by improper disclosure of session information. By retrieving the logs of a container an attacker could exploit this vulnerability to bypass login security of the IBM Spectrum Protect Plus server and gain unauthorized access based on the permissions of the IBM Spectrum Protect Plus user to the vulnerable Spectrum Protect Plus server software.
CVSS Base score: 6
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/225340 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L)

Affected Products and Versions

Remediation/Fixes

**BM Spectrum Protect
Plus **Affected Versions|**Fixing
**Level|Platform|**Link to Fix and Instructions
**
—|—|—|—
10.1.5-10.1.10.2 (Kubernetes)
10.1.7-10.1.10.2 (Red Hat OpenShift)| 10.1.11| Linux|

<https://www.ibm.com/support/pages/node/6579841&gt;

Workarounds and Mitigations

None