CVE-2022-22496

CWE-3073 documents3 sources
Severity
6.5MEDIUM
EPSS
0.1%
top 67.56%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
IBM Spectrum Protect Server
Timeline
PublishedJun 30
Latest updateJul 1

Description

While a user account for the IBM Spectrum Protect Server 8.1.0.000 through 8.1.14 is being established, it may be configured to use SESSIONSECURITY=TRANSITIONAL. While in this mode, it may be susceptible to an offline dictionary attack. IBM X-Force ID: 226942.

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

NVDibm/spectrum_protect_server8.1.0.0008.1.14
CVEListV5ibm/spectrum_protect_server8.1.0.000, 8.1.14+1

Patches

Patch: www.ibm.comPatch: www.ibm.com

🔴Vulnerability Details

2
GHSA
GHSA-x2j4-7cp7-cff7: While a user account for the IBM Spectrum Protect Server 82022-07-01
CVEList
CVE-2022-22496: While a user account for the IBM Spectrum Protect Server 82022-06-30
CVE-2022-22496 (MEDIUM CVSS 6.5) | While a user account for the IBM Sp | cvebase.io