CVE-2022-22484
published 2022-05-17CVE-2022-22484: IBM Spectrum Protect Operations Center 8.1.12 and 8.1.13 could allow a local attacker to obtain sensitive information, caused by plain text user account…
medium5.5CVSS 3.1
AVLACLPRLUINSUCHINAN
IBM Spectrum Protect Operations Center 8.1.12 and 8.1.13 could allow a local attacker to obtain sensitive information, caused by plain text user account passwords potentially being stored in the browser's application command history. By accessing browser history, an attacker could exploit this vulnerability to obtain other user accounts' passwords. IBM X-Force ID: 226322.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| github | cmark-gfm | >= 0 < 0.29.0.gfm.0-4ubuntu0.1~esm1 | 0.29.0.gfm.0-4ubuntu0.1~esm1 |
| github | cmark-gfm | >= 0 < 0.29.0.gfm.3-3ubuntu0.1~esm1 | 0.29.0.gfm.3-3ubuntu0.1~esm1 |
| github | cmark-gfm | >= 0 < 0.29.0.gfm.6-6ubuntu0.24.04.1~esm1 | 0.29.0.gfm.6-6ubuntu0.24.04.1~esm1 |
| ibm | spectrum_protect | >= 8.1.12.000 < 8.1.14 | 8.1.14 |
| ibm | spectrum_protect_operations_center | — | — |
| ibm | spectrum_protect_operations_center | — | — |
CVSS provenance
nvdv3.15.5MEDIUMCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
osv6.5MEDIUM