Vulnerability Description
An IBM Spectrum Protect storage agent could allow a remote attacker to perform a brute force attack by allowing unlimited attempts to login to the storage agent without locking the administrative ID. A remote attacker could exploit this vulnerability using brute force techniques to gain unauthorized administrative access to both the IBM Spectrum Protect storage agent and the IBM Spectrum Protect Server 8.1.0.000 through 8.1.14 with which it communicates. IBM X-Force ID: 226326.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ibm | Spectrum Protect Server | >= 8.1.0.000, <= 8.1.14 |
| Ibm | Aix | - |
| Linux | Linux Kernel | - |
| Microsoft | Windows | - |
Related Weaknesses (CWE)
References
- https://exchange.xforce.ibmcloud.com/vulnerabilities/226326VDB EntryVendor Advisory
- https://www.ibm.com/support/pages/node/6596881PatchVendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/226326VDB EntryVendor Advisory
- https://www.ibm.com/support/pages/node/6596881PatchVendor Advisory
FAQ
What is CVE-2022-22487?
CVE-2022-22487 is a vulnerability with a CVSS score of 9.8 (CRITICAL). An IBM Spectrum Protect storage agent could allow a remote attacker to perform a brute force attack by allowing unlimited attempts to login to the storage agent without locking the administrative ID. ...
How severe is CVE-2022-22487?
CVE-2022-22487 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2022-22487?
Check the references section above for vendor advisories and patch information. Affected products include: Ibm Spectrum Protect Server, Ibm Aix, Linux Linux Kernel, Microsoft Windows.