Vulnerability Description
IBM Spectrum Protect Plus 10.1.6 through 10.1.11 Microsoft File Systems restore operation can download any file on the target machine by manipulating the URL with a directory traversal attack. This results in the restore operation gaining access to files which the operator should not have access to. IBM X-Force ID: 235873.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ibm | Spectrum Protect Plus | >= 10.1.6, <= 10.1.11 |
Related Weaknesses (CWE)
References
- https://exchange.xforce.ibmcloud.com/vulnerabilities/235873VDB EntryVendor Advisory
- https://www.ibm.com/support/pages/node/6620209Vendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/235873VDB EntryVendor Advisory
- https://www.ibm.com/support/pages/node/6620209Vendor Advisory
FAQ
What is CVE-2022-40608?
CVE-2022-40608 is a vulnerability with a CVSS score of 7.5 (HIGH). IBM Spectrum Protect Plus 10.1.6 through 10.1.11 Microsoft File Systems restore operation can download any file on the target machine by manipulating the URL with a directory traversal attack. This re...
How severe is CVE-2022-40608?
CVE-2022-40608 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-40608?
Check the references section above for vendor advisories and patch information. Affected products include: Ibm Spectrum Protect Plus.