Mar 12, 2022 - 12:30 a.m.

Security Bulletin: Reverse Tabnabbing and Cross-Site Request Forgery vulnerabilities in IBM Spectrum Protect Operations Center (CVE-2020-22348, CVE-2020-22346)

2022-03-12 00:30:36
www.ibm.com

EPSS: 0.001 (Low), percentile 29.5%

Summary

IBM Spectrum Protect Operations Center is vulnerable to reverse tabnabbing and cross-site request forgery (CSRF).

Vulnerability Details

CVEID: CVE-2022-22348
**DESCRIPTION:** IBM Spectrum Protect Operations Center is vulnerable to reverse tabnabbing, which could allow a page linked to from within Operations Center to rewrite the Operations Center page. An administrator could enter a link to a malicious URL that another administrator could then click. Once clicked, the malicious URL could rewrite the original page with a phishing page.
CVSS Base score: 4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/220139 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N)

CVEID: CVE-2022-22346
**DESCRIPTION:** IBM Spectrum Protect Operations Center is vulnerable to cross-site request forgery, which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.
CVSS Base score: 4.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/220048 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N)
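
The usual defense against the reverse tabnabbing described under CVE-2022-22348, as an added example that is not part of the IBM bulletin and not IBM's fix: render user-entered links with `rel="noopener noreferrer"`, and audit existing markup for new-tab anchors that lack it. The function names and sample markup are constructed for illustration.

```javascript
// Added example, not IBM's fix: function names and sample markup are constructed.
const SAFE_SCHEMES = new Set(["http:", "https:"]);
const SAME_CONTEXT = new Set(["_self", "_parent", "_top"]);

function escapeHtml(s) {
  return String(s).replace(/[&<>"']/g, (c) =>
    ({ "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" }[c]));
}

// Build the anchor for a user-entered link. Returns the escaped label as plain
// text when the URL does not parse or uses a scheme other than http/https.
function renderUserLink(rawUrl, label) {
  let url;
  try {
    url = new URL(rawUrl);
  } catch {
    return escapeHtml(label);
  }
  if (!SAFE_SCHEMES.has(url.protocol)) return escapeHtml(label);
  // rel="noopener" leaves window.opener null in the opened page, so it cannot
  // navigate the tab that opened it; noreferrer also withholds the Referer header.
  return `<a href="${escapeHtml(url.href)}" target="_blank" rel="noopener noreferrer">` +
    `${escapeHtml(label)}</a>`;
}

// Audit helper: list <a> tags in a markup string that open a new browsing
// context without rel=noopener or rel=noreferrer (noreferrer implies noopener).
function findUnsafeAnchors(html) {
  const unsafe = [];
  for (const [tag] of html.matchAll(/<a\s[^>]*>/gi)) {
    const target = /\starget\s*=\s*["']?([^"'\s>]+)/i.exec(tag);
    if (!target || SAME_CONTEXT.has(target[1].toLowerCase())) continue;
    const rel = /\srel\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))/i.exec(tag);
    const tokens = rel ? (rel[1] ?? rel[2] ?? rel[3]).toLowerCase().split(/\s+/) : [];
    if (!tokens.includes("noopener") && !tokens.includes("noreferrer")) unsafe.push(tag);
  }
  return unsafe;
}

// Constructed sample: one unhardened new-tab link, one hardened, one same-tab link.
const SAMPLE = [
  '<a href="https://example.test/a" target="_blank">runbook</a>',
  '<a href="https://example.test/b" target="_blank" rel="noopener noreferrer">wiki</a>',
  '<a href="https://example.test/c">same tab</a>',
].join("\n");
console.log(findUnsafeAnchors(SAMPLE));
console.log(renderUserLink("https://example.test/a?x=1&y=2", "runbook <prod>"));
```

The regex audit is a triage aid for templates and stored content; it is not a substitute for an HTML parser on untrusted markup.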

Affected Products and Versions

| Affected Product(s) | Version(s) |
|---|---|
| IBM Spectrum Protect Operations Center | 8.1.0.000-8.1.13.xxx |

Remediation/Fixes

| IBM Spectrum Protect Operations Center Affected Versions | Fixing Level | Platform | Link to Fix and Instructions |
|---|---|---|---|
| 8.1.0.000-8.1.13.xxx | 8.1.14 | AIX, Linux, Windows | <https://www.ibm.com/support/pages/node/6562363> |

Workarounds and Mitigations

None
