CVE-2022-22354

3 documents, 3 sources
Severity: 7.5 HIGH
EPSS: 0.2% (top 60.34%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Mar 14; latest update Mar 15

Description

IBM Spectrum Protect Plus 10.1.0.0 through 10.1.9.2 and IBM Spectrum Copy Data Management 2.2.0.0 through 2.2.14.3 do not limit the length of a connection, which could allow a Slowloris HTTP denial of service attack to take place. This can cause the Admin Console to become unresponsive. IBM X-Force ID: 220485.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 3.9 | Impact: 3.6

Affected Packages (4 packages)

NVD | ibm/spectrum_copy_data_management | 2.2.0.0 | 2.2.15
CVEListV5 | ibm/spectrum_copy_data_management | 2.2.0.0, 2.2.14.3 +1
NVD | ibm/spectrum_protect_plus | 10.1.0 | 10.1.9.3
CVEListV5 | ibm/spectrum_protect_plus | 10.1.0.0, 10.1.9.2 +1

Vulnerability Details (2)

GHSA | GHSA-3wp3-9f4h-fqwh: IBM Spectrum Protect Plus 10 | 2022-03-15
CVEList | CVE-2022-22354: IBM Spectrum Protect Plus 10 | 2022-03-14