CVE-2022-22426
Summary
| CVE | CVE-2022-22426 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2022-06-10 16:15:00 UTC |
| Updated | 2023-08-08 14:22:00 UTC |
| Description | IBM Spectrum Copy Data Management Admin 2.2.0.0 through 2.2.15.0 could allow a local attacker to bypass authentication restrictions, caused by the lack of proper session management. An attacker could exploit this vulnerability to bypass authentication and gain unauthorized access to the Spectrum Copy Data Management catalog which contains metadata. IBM X-Force ID: 223718. |
Risk And Classification
Problem Types: NVD-CWE-noinfo
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Ibm | Spectrum Copy Data Management | All | All | All | All |
| Operating System | Linux | Linux Kernel | - | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Security Bulletin: IBM Spectrum Copy Data Management is vulnerable to bypassing authentication, information disclosure, XSS, CSRF, and reverse tabnabbing | CONFIRM | www.ibm.com | |
| IBM X-Force Exchange | XF | exchange.xforce.ibmcloud.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.