Vulnerability Description
IBM Spectrum Protect Plus 10.1.0.0 through 10.1.9.2 and IBM Spectrum Copy Data Management 2.2.0.0 through 2.2.14.3 do not limit the length of a connection which could allow for a Slowloris HTTP denial of service attack to take place. This can cause the Admin Console to become unresponsive. IBM X-Force ID: 220485.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ibm | Spectrum Copy Data Management | >= 2.2.0.0, < 2.2.15 |
| Ibm | Spectrum Protect Plus | >= 10.1.0, < 10.1.9.3 |
| Linux | Linux Kernel | - |
References
- https://exchange.xforce.ibmcloud.com/vulnerabilities/220485VDB EntryVendor Advisory
- https://www.ibm.com/support/pages/node/6562479Vendor Advisory
- https://www.ibm.com/support/pages/node/6562989Vendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/220485VDB EntryVendor Advisory
- https://www.ibm.com/support/pages/node/6562479Vendor Advisory
- https://www.ibm.com/support/pages/node/6562989Vendor Advisory
FAQ
What is CVE-2022-22354?
CVE-2022-22354 is a vulnerability with a CVSS score of 7.5 (HIGH). IBM Spectrum Protect Plus 10.1.0.0 through 10.1.9.2 and IBM Spectrum Copy Data Management 2.2.0.0 through 2.2.14.3 do not limit the length of a connection which could allow for a Slowloris HTTP denial...
How severe is CVE-2022-22354?
CVE-2022-22354 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-22354?
Check the references section above for vendor advisories and patch information. Affected products include: Ibm Spectrum Copy Data Management, Ibm Spectrum Protect Plus, Linux Linux Kernel.