CVE-2022-22394: Improper Privilege Management in IBM Spectrum Protect Server

Severity: 8.8 HIGH (NVD)
EPSS: 5.3% (top 9.94%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Mar 21; latest update Mar 22

Description

The IBM Spectrum Protect 8.1.14.000 server could allow a remote attacker to bypass security restrictions, caused by improper enforcement of access controls. By signing in, an attacker could exploit this vulnerability to bypass security and gain unauthorized administrator or node access to the vulnerable server.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 2.8 | Impact: 5.9

Affected Packages (2 packages)

CVEListV5: ibm/spectrum_protect_server 8.1.14.000
NVD: ibm/spectrum_protect 8.1.14.100

Patches

Vulnerability Details (2)

GHSA: GHSA-6hcw-9ghr-6pfv: The IBM Spectrum Protect 8 (2022-03-22)
CVEList: CVE-2022-22394: The IBM Spectrum Protect 8 (2022-03-21)