CVE-2022-22485
CRITICALIBM Spectrum Protect Operations Center <8.1.14.000 - Info Disclosure
Title source: llmDescription
In some cases, an unsuccessful attempt to log into IBM Spectrum Protect Operations Center 8.1.0.000 through 8.1.14.000 does not cause the administrator's invalid sign-on count to be incremented on the IBM Spectrum Protect Server. An attacker could exploit this vulnerability using brute force techniques to gain unauthorized administrative access to the IBM Spectrum Protect Server. IBM X-Force ID: 226325.
References (2)
Core 2
Core References
Patch, Vendor Advisory x_refsource_confirm
https://www.ibm.com/support/pages/node/6595655
VDB Entry, Vendor Advisory vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/226325
Scores
CVSS v3
9.8
EPSS
0.0018
EPSS Percentile
39.5%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-307
Status
published
Products (1)
ibm/spectrum_protect_operations_center
8.1.0.000 - 8.1.14.000
Published
Jun 17, 2022
Tracked Since
Feb 18, 2026