CVE-2022-22494

CWE-668Exposure to Wrong Sphere3 documents3 sources
Severity
5.3MEDIUM
EPSS
0.5%
top 35.52%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
IBM Spectrum Protect Operations Center
Timeline
PublishedJun 30
Latest updateJul 1

Description

IBM Spectrum Protect Operations Center 8.1.0.000 through 8.1.14 could allow a remote attacker to gain details of the database, such as type and version, by sending a specially-crafted HTTP request. This information could then be used in future attacks. IBM X-Force ID: 226940.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages2 packages

NVDibm/spectrum_protect_operations_center8.1.0.0008.1.14.000
CVEListV5ibm/spectrum_protect_operations_center8.1.0.000, 8.1.14+1

Patches

Patch: www.ibm.comPatch: www.ibm.com

🔴Vulnerability Details

2
GHSA
GHSA-254c-2j77-4hhm: IBM Spectrum Protect Operations Center 82022-07-01
CVEList
CVE-2022-22494: IBM Spectrum Protect Operations Center 82022-06-30
CVE-2022-22494 (MEDIUM CVSS 5.3) | IBM Spectrum Protect Operations Cen | cvebase.io