{"api_version":"1","generated_at":"2026-04-22T23:31:32+00:00","cve":"CVE-2022-22426","urls":{"html":"https://cve.report/CVE-2022-22426","api":"https://cve.report/api/cve/CVE-2022-22426.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2022-22426","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2022-22426"},"summary":{"title":"CVE-2022-22426","description":"IBM Spectrum Copy Data Management Admin 2.2.0.0 through 2.2.15.0 could allow a local attacker to bypass authentication restrictions, caused by the lack of proper session management. An attacker could exploit this vulnerability to bypass authentication and gain unauthorized access to the Spectrum Copy Data Management catalog which contains metadata. IBM X-Force ID: 223718.","state":"PUBLIC","assigner":"psirt@us.ibm.com","published_at":"2022-06-10 16:15:00","updated_at":"2023-08-08 14:22:00"},"problem_types":["NVD-CWE-noinfo"],"metrics":[],"references":[{"url":"https://www.ibm.com/support/pages/node/6593721","name":"https://www.ibm.com/support/pages/node/6593721","refsource":"CONFIRM","tags":[],"title":"Security Bulletin: IBM Spectrum Copy Data Management is vulnerable to bypassing authentication, information disclosure, XSS, CSRF, and reverse tabnabbing","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/223718","name":"ibm-spectrum-cve202222426-info-disc (223718)","refsource":"XF","tags":[],"title":"IBM X-Force Exchange","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://www.cve.org/CVERecord?id=CVE-2022-22426","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-22426","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2022","cve_id":"22426","vulnerable":"1","versionEndIncluding":"2.2.15.0","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"ibm","cpe5":"spectrum_copy_data_management","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"22426","vulnerable":"-1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"linux","cpe5":"linux_kernel","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"description":{"description_data":[{"value":"IBM Spectrum Copy Data Management Admin 2.2.0.0 through 2.2.15.0 could allow a local attacker to bypass authentication restrictions, caused by the lack of proper session management. An attacker could exploit this vulnerability to bypass authentication and gain unauthorized access to the Spectrum Copy Data Management catalog which contains metadata. IBM X-Force ID: 223718.","lang":"eng"}]},"references":{"reference_data":[{"name":"https://www.ibm.com/support/pages/node/6593721","url":"https://www.ibm.com/support/pages/node/6593721","refsource":"CONFIRM","title":"IBM Security Bulletin 6593721 (Spectrum Copy Data Management)"},{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/223718","name":"ibm-spectrum-cve202222426-info-disc (223718)","title":"X-Force Vulnerability Report","refsource":"XF"}]},"CVE_data_meta":{"ASSIGNER":"psirt@us.ibm.com","STATE":"PUBLIC","ID":"CVE-2022-22426","DATE_PUBLIC":"2022-06-09T00:00:00"},"problemtype":{"problemtype_data":[{"description":[{"value":"Obtain Information","lang":"eng"}]}]},"affects":{"vendor":{"vendor_data":[{"vendor_name":"IBM","product":{"product_data":[{"product_name":"Spectrum Copy Data Management","version":{"version_data":[{"version_value":"2.2.0.0"},{"version_value":"2.2.15.0"}]}}]}}]}},"data_format":"MITRE","impact":{"cvssv3":{"BM":{"A":"N","AC":"H","I":"N","S":"U","C":"L","UI":"N","AV":"L","PR":"N","SCORE":"2.900"},"TM":{"RC":"C","RL":"O","E":"U"}}},"data_type":"CVE","data_version":"4.0"},"nvd":{"publishedDate":"2022-06-10 16:15:00","lastModifiedDate":"2023-08-08 14:22:00","problem_types":["NVD-CWE-noinfo"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":3.3,"baseSeverity":"LOW"},"exploitabilityScore":1.8,"impactScore":1.4},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:P/I:N/A:N","accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":2.1},"severity":"LOW","exploitabilityScore":3.9,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"AND","children":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:ibm:spectrum_copy_data_management:*:*:*:*:*:*:*:*","versionStartIncluding":"2.2.0.0","versionEndIncluding":"2.2.15.0","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":false,"cpe23Uri":"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*","cpe_name":[]}]}],"cpe_match":[]}]}},"legacy_mitre":{"record":{"CveYear":"2022","CveId":"22426","Ordinal":"224767","Title":"CVE-2022-22426","CVE":"CVE-2022-22426","Year":"2022"},"notes":[{"CveYear":"2022","CveId":"22426","Ordinal":"1","NoteData":"** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.","Type":"Description","Title":null}]}}}