Vulnerability Description
In some cases, an unsuccessful attempt to log into IBM Spectrum Protect Operations Center 8.1.0.000 through 8.1.14.000 does not cause the administrator's invalid sign-on count to be incremented on the IBM Spectrum Protect Server. An attacker could exploit this vulnerability using brute force techniques to gain unauthorized administrative access to the IBM Spectrum Protect Server. IBM X-Force ID: 226325.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| IBM | Spectrum Protect Operations Center | >= 8.1.0.000, <= 8.1.14.000 |
| IBM | AIX | - |
| Linux | Linux Kernel | - |
| Microsoft | Windows | - |
Related Weaknesses (CWE)
References
- https://exchange.xforce.ibmcloud.com/vulnerabilities/226325 (VDB Entry, Vendor Advisory)
- https://www.ibm.com/support/pages/node/6595655 (Patch, Vendor Advisory)
FAQ
What is CVE-2022-22485?
CVE-2022-22485 is a vulnerability with a CVSS score of 9.8 (CRITICAL). In some cases, an unsuccessful attempt to log into IBM Spectrum Protect Operations Center 8.1.0.000 through 8.1.14.000 does not cause the administrator's invalid sign-on count to be incremented on the...
How severe is CVE-2022-22485?
CVE-2022-22485 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2022-22485?
Check the references section above for vendor advisories and patch information. Affected products include: IBM Spectrum Protect Operations Center, IBM AIX, Linux Linux Kernel, Microsoft Windows.