Lucene search

IbmCVELIST:CVE-2022-22396

HistoryJun 02, 2022 - 12:00 a.m.

CVE-2022-22396

2022-06-0200:00:00

ibm

www.cve.org

6.8 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C

7.4 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

35.6%

JSON

Credentials are printed in clear text in the IBM Spectrum Protect Plus 10.1.0.0 through 10.1.9.3 virgo log file in certain cases. Credentials could be the remote vSnap, offload targets, or VADP credentials depending on the operation performed. Credentials that are using API key or certificate are not printed. IBM X-Force ID: 222231.

CNA Affected

[
  {
    "product": "Spectrum Protect Plus",
    "vendor": "IBM",
    "versions": [
      {
        "status": "affected",
        "version": "10.1.0.0"
      },
      {
        "status": "affected",
        "version": "10.1.9.3"
      }
    ]
  }
]

References

exchange.xforce.ibmcloud.com/vulnerabilities/222231

www.ibm.com/support/pages/node/6591505

6.8 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C

7.4 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

35.6%

JSON

Related for CVELIST:CVE-2022-22396