CVE-2022-22348: Cross-Site Request Forgery in IBM Spectrum Protect Operations Center

Severity
2.4 LOW (NVD)
EPSS
0.0%
top 86.48%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Mar 14
Latest update: Mar 15

Description

IBM Spectrum Protect Operations Center 8.1.0.000 through 8.1.13.xxx is vulnerable to reverse tabnabbing where it could allow a page linked to from within Operations Center to rewrite it. An administrator could enter a link to a malicious URL that another administrator could then click. Once clicked, that malicious URL could then rewrite the original page with a phishing page. IBM X-Force ID: 220139.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N
Exploitability: 0.9 | Impact: 1.4

Affected Packages (2 packages)

NVD | ibm/spectrum_protect_operations_center | 8.1.0.000 | 8.1.14.000
CVEListV5 | ibm/spectrum_protect_operations_center | 8.1.0.000, 8.1.13 +1

Vulnerability Details (2)

GHSA | GHSA-gqpw-qj95-7x55: IBM Spectrum Protect Operations Center 8 | 2022-03-15
CVEList | CVE-2022-22348: IBM Spectrum Protect Operations Center 8 | 2022-03-14