CVE-2022-30610

CWE-269Improper Privilege Management3 documents3 sources
Severity
4.5MEDIUM
EPSS
0.1%
top 71.61%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
IBM Spectrum Copy Data Management
Timeline
PublishedJun 10
Latest updateJun 11

Description

IBM Spectrum Copy Data Management 2.2.0.0 through 2.2.15.0 is vulnerable to reverse tabnabbing where it could allow a page linked to from within IBM Spectrum Copy Data Management to rewrite it. An administrator could enter a link to a malicious URL that another administrator could then click. Once clicked, that malicious URL could then rewrite the original page with a phishing page. IBM X-Force ID: 227363.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:NExploitability: 0.9 | Impact: 3.6

Affected Packages2 packages

NVDibm/spectrum_copy_data_management2.2.0.02.2.15.0
CVEListV5ibm/spectrum_copy_data_management2.2.0.0, 2.2.15.0+1

Patches

Patch: www.ibm.comPatch: www.ibm.com

🔴Vulnerability Details

2
GHSA
GHSA-qv6f-r8hc-x3jr: IBM Spectrum Copy Data Management 22022-06-11
CVEList
CVE-2022-30610: IBM Spectrum Copy Data Management 22022-06-10