CVE-2022-22484Cleartext Storage of Sensitive Info in IBM Spectrum Protect

CWE-312Cleartext Storage of Sensitive Info4 documents4 sources
Severity
5.5MEDIUMNVD
EPSS
0.0%
top 95.14%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
IBM Spectrum ProtectIBM Spectrum Protect Operations Center
Timeline
PublishedMay 17
Latest updateMar 3

Description

IBM Spectrum Protect Operations Center 8.1.12 and 8.1.13 could allow a local attacker to obtain sensitive information, caused by plain text user account passwords potentially being stored in the browser's application command history. By accessing browser history, an attacker could exploit this vulnerability to obtain other user accounts' passwords. IBM X-Force ID: 226322.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages2 packages

CVEListV5ibm/spectrum_protect_operations_center8.1.12, 8.1.13+1
NVDibm/spectrum_protect8.1.12.0008.1.14

Patches

Patch: www.ibm.comPatch: www.ibm.com

🔴Vulnerability Details

3
OSV
cmark-gfm vulnerabilities2025-03-03
GHSA
GHSA-594c-9jx7-c63x: IBM Spectrum Protect Operations Center 82022-05-18
CVEList
CVE-2022-22484: IBM Spectrum Protect Operations Center 82022-05-17
CVE-2022-22484 — Cleartext Storage of Sensitive Info | cvebase