CVE-2022-22485

In some cases, an unsuccessful attempt to log into IBM Spectrum Protect Operations Center 8.1.0.000 through 8.1.14.000 does not cause the administrator's invalid sign-on count to be incremented on the IBM Spectrum Protect Server. An attacker could exploit this vulnerability using brute force techniques to gain unauthorized administrative access to the IBM Spectrum Protect Server. IBM X-Force ID: 226325.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
ibmCNA
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 39%
Affected Products (NVD)
VendorProductVersion
ibmspectrum_protect_operations_center
8.1.0.000 ≤
𝑥
≤ 8.1.14.000
𝑥
= Vulnerable software versions
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
ibmspectrum_protect
8.1.0.0
CNA
ibmspectrum_protect
8.1.14.0
CNA
Common Weakness Enumeration
References
https://exchange.xforce.ibmcloud.com/vulnerabilities/226325
https://www.ibm.com/support/pages/node/6595655
https://exchange.xforce.ibmcloud.com/vulnerabilities/226325
https://www.ibm.com/support/pages/node/6595655