{"api_version":"1","generated_at":"2026-06-21T07:03:52+00:00","cve":"CVE-2022-22487","urls":{"html":"https://cve.report/CVE-2022-22487","api":"https://cve.report/api/cve/CVE-2022-22487.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2022-22487","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2022-22487"},"summary":{"title":"CVE-2022-22487","description":"An IBM Spectrum Protect storage agent could allow a remote attacker to perform a brute force attack by allowing unlimited attempts to login to the storage agent without locking the administrative ID. A remote attacker could exploit this vulnerability using brute force techniques to gain unauthorized administrative access to both the IBM Spectrum Protect storage agent and the IBM Spectrum Protect Server 8.1.0.000 through 8.1.14 with which it communicates. IBM X-Force ID: 226326.","state":"PUBLIC","assigner":"psirt@us.ibm.com","published_at":"2022-06-30 17:15:00","updated_at":"2023-08-08 14:22:00"},"problem_types":["CWE-307"],"metrics":[],"references":[{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/226326","name":"ibm-spectrum-cve202222487-info-disc (226326)","refsource":"XF","tags":[],"title":"IBM X-Force Exchange","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://www.ibm.com/support/pages/node/6596881","name":"https://www.ibm.com/support/pages/node/6596881","refsource":"CONFIRM","tags":[],"title":"Security Bulletin: IBM Spectrum Protect Server vulnerable to offline dictionary and brute force attacks (CVE-2022-22496, CVE-2022-22487)","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://www.cve.org/CVERecord?id=CVE-2022-22487","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-22487","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2022","cve_id":"22487","vulnerable":"-1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"ibm","cpe5":"aix","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"22487","vulnerable":"1","versionEndIncluding":"8.1.14","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"ibm","cpe5":"spectrum_protect_server","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"22487","vulnerable":"-1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"linux","cpe5":"linux_kernel","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"22487","vulnerable":"-1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"microsoft","cpe5":"windows","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2022-22487","qid":"377859","title":"IBM Spectrum Protect Server Multiple Vulnerabilities (6596881)"}]},"source_records":{"cve_program":{"impact":{"cvssv3":{"TM":{"RL":"O","RC":"C","E":"U"},"BM":{"S":"U","A":"N","SCORE":"5.900","AV":"N","AC":"H","UI":"N","PR":"N","I":"N","C":"H"}}},"data_type":"CVE","affects":{"vendor":{"vendor_data":[{"vendor_name":"IBM","product":{"product_data":[{"product_name":"Spectrum Protect Server","version":{"version_data":[{"version_value":"8.1.0.000"},{"version_value":"8.1.14"}]}}]}}]}},"references":{"reference_data":[{"url":"https://www.ibm.com/support/pages/node/6596881","refsource":"CONFIRM","title":"IBM Security Bulletin 6596881 (Spectrum Protect Server)","name":"https://www.ibm.com/support/pages/node/6596881"},{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/226326","title":"X-Force Vulnerability Report","name":"ibm-spectrum-cve202222487-info-disc (226326)","refsource":"XF"}]},"data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"An IBM Spectrum Protect storage agent could allow a remote attacker to perform a brute force attack by allowing unlimited attempts to login to the storage agent without locking the administrative ID. A remote attacker could exploit this vulnerability using brute force techniques to gain unauthorized administrative access to both the IBM Spectrum Protect storage agent and the IBM Spectrum Protect Server 8.1.0.000 through 8.1.14 with which it communicates. IBM X-Force ID: 226326."}]},"data_format":"MITRE","problemtype":{"problemtype_data":[{"description":[{"value":"Obtain Information","lang":"eng"}]}]},"CVE_data_meta":{"ID":"CVE-2022-22487","STATE":"PUBLIC","DATE_PUBLIC":"2022-06-29T00:00:00","ASSIGNER":"psirt@us.ibm.com"}},"nvd":{"publishedDate":"2022-06-30 17:15:00","lastModifiedDate":"2023-08-08 14:22:00","problem_types":["CWE-307"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":9.8,"baseSeverity":"CRITICAL"},"exploitabilityScore":3.9,"impactScore":5.9},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:N/A:N","accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":5},"severity":"MEDIUM","exploitabilityScore":10,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"AND","children":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:ibm:spectrum_protect_server:*:*:*:*:*:*:*:*","versionStartIncluding":"8.1.0.000","versionEndIncluding":"8.1.14","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":false,"cpe23Uri":"cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":false,"cpe23Uri":"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":false,"cpe23Uri":"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*","cpe_name":[]}]}],"cpe_match":[]}]}},"legacy_mitre":{"record":{"CveYear":"2022","CveId":"22487","Ordinal":"224828","Title":"CVE-2022-22487","CVE":"CVE-2022-22487","Year":"2022"},"notes":[{"CveYear":"2022","CveId":"22487","Ordinal":"1","NoteData":"** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.","Type":"Description","Title":null}]}}}