CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
55.2%
BM Spectrum Protect Plus Container Backup and Restore for Kubernetes and Red Hat OpenShift is vulnerable to login security being bypassed which can result in gaining unauthorized access to the IBM Spectrum Protect Plus Server.
CVEID:CVE-2022-22472
**DESCRIPTION:**IBM Spectrum Protect Plus Container Backup and Restore could allow a remote attacker to bypass IBM Spectrum Protect Plus role based access control restrictions, caused by improper disclosure of session information. By retrieving the logs of a container an attacker could exploit this vulnerability to bypass login security of the IBM Spectrum Protect Plus server and gain unauthorized access based on the permissions of the IBM Spectrum Protect Plus user to the vulnerable Spectrum Protect Plus server software.
CVSS Base score: 6
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/225340 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L)
Affected Product(s) | Version(s) |
---|---|
IBM Spectrum Protect Plus Container Backup and Restore for Kubernetes | 10.1.5-10.1.10.2 |
IBM Spectrum Protect Plus Container Backup and Restore for Red Hat OpenShift | 10.1.7-10.1.10.2 |
**BM Spectrum Protect
Plus **Affected Versions|**Fixing
**Level|Platform|**Link to Fix and Instructions
**
β|β|β|β
10.1.5-10.1.10.2 (Kubernetes)
10.1.7-10.1.10.2 (Red Hat OpenShift)| 10.1.11| Linux|
<https://www.ibm.com/support/pages/node/6579841>
None
Vendor | Product | Version | CPE |
---|---|---|---|
ibm | spectrum_protect_plus | 10.1 | cpe:2.3:a:ibm:spectrum_protect_plus:10.1:*:*:*:*:*:*:* |
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
55.2%