CVE-2022-40608Path Traversal in IBM Spectrum Protect Plus

CWE-22Path Traversal3 documents3 sources
Severity
7.5HIGHNVD
EPSS
0.7%
top 28.02%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
IBM Spectrum Protect Plus
Timeline
PublishedSep 19
Latest updateSep 20

Description

IBM Spectrum Protect Plus 10.1.6 through 10.1.11 Microsoft File Systems restore operation can download any file on the target machine by manipulating the URL with a directory traversal attack. This results in the restore operation gaining access to files which the operator should not have access to. IBM X-Force ID: 235873.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

NVDibm/spectrum_protect_plus10.1.610.1.11
CVEListV5ibm/spectrum_protect_plus10.1.11, 10.1.6+1

🔴Vulnerability Details

2
GHSA
GHSA-m8r8-8368-mvmm: IBM Spectrum Protect Plus 102022-09-20
CVEList
CVE-2022-40608: IBM Spectrum Protect Plus 102022-09-19
CVE-2022-40608 — Path Traversal in IBM | cvebase