CVE-2022-22426

IBM Spectrum Copy Data Management Admin 2.2.0.0 through 2.2.15.0 could allow a local attacker to bypass authentication restrictions, caused by the lack of proper session management. An attacker could exploit this vulnerability to bypass authentication and gain unauthorized access to the Spectrum Copy Data Management catalog which contains metadata. IBM X-Force ID: 223718.

Published: Jun 10, 2022
Updated: Apr 14, 2023
CVE: CVE-2022-22426
Severity: Low
Exploit:

CVSS v3:

Severity: Low
Score: 3.3
AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CVSS v2:

Severity: Low
Score: 2.1
AV:L/AC:L/Au:N/C:P/I:N/A:N

CWEs:

CWE-287

OWASP TOP 10:

A2 - Broken Authentication

Affected Software
References

Software	From	Fixed in
ibm / spectrum_copy_data_management	2.2.0.0	2.2.15.0.x

https://exchange.xforce.ibmcloud.com/vulnerabilities/223718
https://www.ibm.com/support/pages/node/6593721

Vulnerability Database

289,697

CVE-2022-22426