Vulnerability Name: CVE-2022-22394 (CCN-222147)
Assigned: 2022-03-18
Published: 2022-03-18
Updated: 2022-03-28
Summary: The IBM Spectrum Protect 8.1.14.000 server could allow a remote attacker to bypass security restrictions, caused by improper enforcement of access controls. By signing in, an attacker could exploit this vulnerability to bypass security and gain unauthorized administrator or node access to the vulnerable server.
CVSS v3 Severity:
  8.8 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
  7.7 High (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
  6.5 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
CVSS v2 Severity: 9.0 High (CVSS v2 Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C)
Vulnerability Type: CWE-269
Vulnerability Consequences: Gain Privileges
References:
  Source: MITRE Type: CNA CVE-2022-22394
  Source: XF Type: UNKNOWN ibm-spectrum-cve202222394-priv-esc(222147)
  Source: XF Type: VDB Entry, Vendor Advisory ibm-spectrum-cve202222394-priv-esc (222147)
  Source: CCN Type: IBM Security Bulletin 6564745 (Spectrum Protect Server) IBM Spectrum Protect 8.1.14.000 Server is vulnerable to bypass of security restrictions (CVE-2022-22394)
  Source: CONFIRM Type: Patch, Vendor Advisory https://www.ibm.com/support/pages/node/6564745
Vulnerable Configuration: Configuration 1: Denotes that component is vulnerable