CVE-2022-22478Cleartext Storage of Sensitive Info in IBM Spectrum Protect Client

CWE-312Cleartext Storage of Sensitive Info3 documents3 sources
Severity
5.5MEDIUMNVD
EPSS
0.1%
top 84.67%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
IBM Spectrum Protect Client
Timeline
PublishedJun 30
Latest updateJul 1

Description

IBM Spectrum Protect Client 8.1.0.0 through 8.1.14.0 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 225886.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages2 packages

NVDibm/spectrum_protect_client8.1.0.08.1.14.0
CVEListV5ibm/spectrum_protect_client8.1.0.0, 8.1.14.0+1

Patches

Patch: www.ibm.comPatch: www.ibm.com

🔴Vulnerability Details

2
GHSA
GHSA-mvjj-gmrm-r88p: IBM Spectrum Protect Client 82022-07-01
CVEList
CVE-2022-22478: IBM Spectrum Protect Client 82022-06-30
CVE-2022-22478 — Cleartext Storage of Sensitive Info | cvebase