IBM Spectrum Protect Operations Center is vulnerable to reverse tabnabbing and cross-site request forgery (CSRF).
CVEID:CVE-2022-22348
**DESCRIPTION:**IBM Spectrum Protect Operations Center is vulnerable to reverse tabnabbing where it could allow a page linked to from within Operations Center to rewrite it. An administrator could enter a link to a malicious URL that another administrator could then click. Once clicked, that malicious URL could then rewrite the original page with a phishing page.
CVSS Base score: 4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/220139 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N)
CVEID:CVE-2022-22346
**DESCRIPTION:**IBM Spectrum Protect Operations Center is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.
CVSS Base score: 4.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/220048 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N)
Affected Product(s) | Version(s) |
---|---|
IBM Spectrum Protect Operations Center | 8.1.0.000-8.1.13.xxx |
_IBM Spectrum Protect Operations Center Affected Versions
_|Fixing
Level|Platform|_Link to Fix and Instructions
_
—|—|—|—
8.1.0.000-8.1.13.xxx| 8.1.14| AIX
Linux
Windows| <https://www.ibm.com/support/pages/node/6562363>
None