CVE-2022-22484

MEDIUM

IBM Spectrum Protect Operations Center <8.1.12/13 - Info Disclosure

Title source: llm
STIX 2.1

Description

IBM Spectrum Protect Operations Center 8.1.12 and 8.1.13 could allow a local attacker to obtain sensitive information, caused by plain text user account passwords potentially being stored in the browser's application command history. By accessing browser history, an attacker could exploit this vulnerability to obtain other user accounts' passwords. IBM X-Force ID: 226322.

References (2)

Core 2
Core References
Patch, Vendor Advisory x_refsource_confirm
https://www.ibm.com/support/pages/node/6586314
VDB Entry, Vendor Advisory vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/226322

Scores

CVSS v3 5.5
EPSS 0.0002
EPSS Percentile 5.4%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Details

CWE
CWE-312
Status published
Products (1)
ibm/spectrum_protect 8.1.12.000 - 8.1.14
Published May 17, 2022
Tracked Since Feb 18, 2026