CVE-2022-22426

CWE-287 — Improper Authentication3 documents3 sources

Severity

3.3LOW

EPSS

0.0%

top 88.46%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Spectrum Copy Data Management

Timeline

PublishedJun 10

Latest updateJun 11

Description

IBM Spectrum Copy Data Management Admin 2.2.0.0 through 2.2.15.0 could allow a local attacker to bypass authentication restrictions, caused by the lack of proper session management. An attacker could exploit this vulnerability to bypass authentication and gain unauthorized access to the Spectrum Copy Data Management catalog which contains metadata. IBM X-Force ID: 223718.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:NExploitability: 1.8 | Impact: 1.4

Affected Packages2 packages

▶NVDibm/spectrum_copy_data_management2.2.0.0 — 2.2.15.0

▶CVEListV5ibm/spectrum_copy_data_management2.2.0.0, 2.2.15.0+1

Patches

Patch: www.ibm.com ↗Patch: www.ibm.com ↗

🔴Vulnerability Details

GHSA

GHSA-gr2p-rq43-h8cc: IBM Spectrum Copy Data Management Admin 2↗2022-06-11

▶

CVEList

CVE-2022-22426: IBM Spectrum Copy Data Management Admin 2↗2022-06-10

▶