CVE-2022-22396

Credentials are printed in clear text in the IBM Spectrum Protect Plus 10.1.0.0 through 10.1.9.3 virgo log file in certain cases. Credentials could be the remote vSnap, offload targets, or VADP credentials depending on the operation performed. Credentials that are using API key or certificate are not printed. IBM X-Force ID: 222231.

Published: Jun 6, 2022
Updated: Apr 14, 2023
CVE: CVE-2022-22396
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.5
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:P/I:N/A:N

CWEs:

CWE-522

OWASP TOP 10:

A2 - Broken Authentication

Affected Software
References

Software	From	Fixed in
ibm / spectrum_protect_plus	10.1.0	10.1.10

https://exchange.xforce.ibmcloud.com/vulnerabilities/222231
https://www.ibm.com/support/pages/node/6591505

Vulnerability Database

289,599

CVE-2022-22396