Vulnerability Details : CVE-2022-22484
IBM Spectrum Protect Operations Center 8.1.12 and 8.1.13 could allow a local attacker to obtain sensitive information, caused by plain text user account passwords potentially being stored in the browser's application command history. By accessing browser history, an attacker could exploit this vulnerability to obtain other user accounts' passwords. IBM X-Force ID: 226322.
Products affected by CVE-2022-22484
- cpe:2.3:a:ibm:spectrum_protect:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2022-22484
0.04%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 6 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2022-22484
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
2.1
|
LOW | AV:L/AC:L/Au:N/C:P/I:N/A:N |
3.9
|
2.9
|
NIST | |
5.1
|
MEDIUM | CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N |
1.4
|
3.6
|
IBM Corporation | |
5.5
|
MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
1.8
|
3.6
|
NIST |
CWE ids for CVE-2022-22484
-
The product stores sensitive information in cleartext within a resource that might be accessible to another control sphere.Assigned by: nvd@nist.gov (Primary)
References for CVE-2022-22484
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/226322
IBM Spectrum Protect Operations Center information disclosure CVE-2022-22484 Vulnerability ReportVDB Entry;Vendor Advisory
-
https://www.ibm.com/support/pages/node/6586314
Security Bulletin: Information Disclosure in IBM Spectrum Protect Operations Center Browser's History (CVE-2022-22484)Patch;Vendor Advisory
Jump to