CVE-2022-22396Insufficiently Protected Credentials in IBM Spectrum Protect Plus

CWE-522Insufficiently Protected Credentials3 documents3 sources
Severity
7.5HIGHNVD
EPSS
0.1%
top 75.06%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
IBM Spectrum Protect Plus
Timeline
PublishedJun 6
Latest updateJun 7

Description

Credentials are printed in clear text in the IBM Spectrum Protect Plus 10.1.0.0 through 10.1.9.3 virgo log file in certain cases. Credentials could be the remote vSnap, offload targets, or VADP credentials depending on the operation performed. Credentials that are using API key or certificate are not printed. IBM X-Force ID: 222231.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

NVDibm/spectrum_protect_plus10.1.010.1.10
CVEListV5ibm/spectrum_protect_plus10.1.0.0, 10.1.9.3+1

🔴Vulnerability Details

2
GHSA
GHSA-7q6h-cg2p-9cxp: Credentials are printed in clear text in the IBM Spectrum Protect Plus 102022-06-07
CVEList
CVE-2022-22396: Credentials are printed in clear text in the IBM Spectrum Protect Plus 102022-06-06
CVE-2022-22396 — Insufficiently Protected Credentials | cvebase