CVE-2022-22426

IBM Spectrum Copy Data Management Admin 2.2.0.0 through 2.2.15.0 could allow a local attacker to bypass authentication restrictions, caused by the lack of proper session management. An attacker could exploit this vulnerability to bypass authentication and gain unauthorized access to the Spectrum Copy Data Management catalog which contains metadata. IBM X-Force ID: 223718.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
3.3 LOW
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
ibmCNA
2.9 LOW
LOCAL
HIGH
NONE
CVSS:3.0/A:N/AC:H/I:N/S:U/C:L/UI:N/AV:L/PR:N/RC:C/RL:O/E:U
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
VendorProductVersion
ibmspectrum_copy_data_management
2.2.0.0 ≤
𝑥
≤ 2.2.15.0
𝑥
= Vulnerable software versions
References
https://exchange.xforce.ibmcloud.com/vulnerabilities/223718
https://www.ibm.com/support/pages/node/6593721
https://exchange.xforce.ibmcloud.com/vulnerabilities/223718
https://www.ibm.com/support/pages/node/6593721