{"api_version":"1","generated_at":"2026-04-22T23:32:06+00:00","cve":"CVE-2022-22396","urls":{"html":"https://cve.report/CVE-2022-22396","api":"https://cve.report/api/cve/CVE-2022-22396.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2022-22396","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2022-22396"},"summary":{"title":"CVE-2022-22396","description":"Credentials are printed in clear text in the IBM Spectrum Protect Plus 10.1.0.0 through 10.1.9.3 virgo log file in certain cases. Credentials could be the remote vSnap, offload targets, or VADP credentials depending on the operation performed. Credentials that are using API key or certificate are not printed. IBM X-Force ID: 222231.","state":"PUBLIC","assigner":"psirt@us.ibm.com","published_at":"2022-06-06 19:15:00","updated_at":"2022-06-14 15:46:00"},"problem_types":["CWE-522"],"metrics":[],"references":[{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/222231","name":"ibm-spectrum-cve202222396-info-disc (222231)","refsource":"XF","tags":[],"title":"IBM X-Force Exchange","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://www.ibm.com/support/pages/node/6591505","name":"https://www.ibm.com/support/pages/node/6591505","refsource":"CONFIRM","tags":[],"title":"Security Bulletin:  IBM Spectrum Protect Plus may disclose sensitive information in virgo log file (CVE-2022-22396)","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://www.cve.org/CVERecord?id=CVE-2022-22396","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-22396","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2022","cve_id":"22396","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"ibm","cpe5":"spectrum_protect_plus","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"22396","vulnerable":"-1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"linux","cpe5":"linux_kernel","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"data_type":"CVE","impact":{"cvssv3":{"TM":{"RL":"O","E":"U","RC":"C"},"BM":{"I":"N","A":"N","AV":"N","AC":"L","S":"C","UI":"N","SCORE":"6.800","PR":"H","C":"H"}}},"references":{"reference_data":[{"refsource":"CONFIRM","name":"https://www.ibm.com/support/pages/node/6591505","url":"https://www.ibm.com/support/pages/node/6591505","title":"IBM Security Bulletin 6591505 (Spectrum Protect Plus)"},{"refsource":"XF","name":"ibm-spectrum-cve202222396-info-disc (222231)","url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/222231","title":"X-Force Vulnerability Report"}]},"description":{"description_data":[{"value":"Credentials are printed in clear text in the IBM Spectrum Protect Plus 10.1.0.0 through 10.1.9.3 virgo log file in certain cases. Credentials could be the remote vSnap, offload targets, or VADP credentials depending on the operation performed. Credentials that are using API key or certificate are not printed. IBM X-Force ID: 222231.","lang":"eng"}]},"data_format":"MITRE","data_version":"4.0","affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"version":{"version_data":[{"version_value":"10.1.0.0"},{"version_value":"10.1.9.3"}]},"product_name":"Spectrum Protect Plus"}]},"vendor_name":"IBM"}]}},"CVE_data_meta":{"ID":"CVE-2022-22396","STATE":"PUBLIC","DATE_PUBLIC":"2022-06-02T00:00:00","ASSIGNER":"psirt@us.ibm.com"},"problemtype":{"problemtype_data":[{"description":[{"value":"Obtain Information","lang":"eng"}]}]}},"nvd":{"publishedDate":"2022-06-06 19:15:00","lastModifiedDate":"2022-06-14 15:46:00","problem_types":["CWE-522"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":7.5,"baseSeverity":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:N/A:N","accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":5},"severity":"MEDIUM","exploitabilityScore":10,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"AND","children":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:ibm:spectrum_protect_plus:*:*:*:*:*:*:*:*","versionStartIncluding":"10.1.0","versionEndExcluding":"10.1.10","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":false,"cpe23Uri":"cpe:2.3:a:linux:linux_kernel:-:*:*:*:*:*:*:*","cpe_name":[]}]}],"cpe_match":[]}]}},"legacy_mitre":{"record":{"CveYear":"2022","CveId":"22396","Ordinal":"224737","Title":"CVE-2022-22396","CVE":"CVE-2022-22396","Year":"2022"},"notes":[{"CveYear":"2022","CveId":"22396","Ordinal":"1","NoteData":"** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.","Type":"Description","Title":null}]}}}