In some cases, an unsuccessful attempt to log into IBM Spectrum Protect Operations Center 8.1.0.000 through 8.1.14.000 does not cause the administrator's invalid sign-on count to be incremented on the IBM Spectrum Protect Server. An attacker could exploit this vulnerability using brute force techniques to gain unauthorized administrative access to the IBM Spectrum Protect Server. IBM X-Force ID: 226325.
References
| Link | Resource |
|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/226325 | VDB Entry Vendor Advisory |
| https://www.ibm.com/support/pages/node/6595655 | Patch Vendor Advisory |
Configurations
Configuration 1 (hide)
| AND |
|
History
08 Aug 2023, 14:22
| Type | Values Removed | Values Added |
|---|---|---|
| CWE | CWE-307 |
28 Jun 2022, 13:54
| Type | Values Removed | Values Added |
|---|---|---|
| CWE | CWE-287 | |
| References | (XF) https://exchange.xforce.ibmcloud.com/vulnerabilities/226325 - VDB Entry, Vendor Advisory | |
| References | (CONFIRM) https://www.ibm.com/support/pages/node/6595655 - Patch, Vendor Advisory | |
| CPE | cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:* cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:* cpe:2.3:a:ibm:spectrum_protect_operations_center:*:*:*:*:*:*:*:* |
|
| First Time |
Linux
Ibm spectrum Protect Operations Center Ibm Microsoft Ibm aix Microsoft windows Linux linux Kernel |
|
| CVSS |
v2 : v3 : |
v2 : 7.5
v3 : 9.8 |
17 Jun 2022, 16:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2022-06-17 16:15
Updated : 2023-12-10 14:22
NVD link : CVE-2022-22485
Mitre link : CVE-2022-22485
CVE.ORG link : CVE-2022-22485
JSON object : View
Products Affected
microsoft
- windows
linux
- linux_kernel
ibm
- spectrum_protect_operations_center
- aix
CWE
CWE-307
Improper Restriction of Excessive Authentication Attempts