CVE-2022-22354

Name of the Vulnerable Software and Affected Versions IBM Spectrum Protect Plus versions 10.1.0.0 through 10.1.9.2 IBM Spectrum Copy Data Management versions 2.2.0.0 through 2.2.14.3

Description The issue is related to a Slowloris HTTP denial of service attack. This attack can take place because the software does not limit the length of a connection, which can cause the Admin Console to become unresponsive.

Recommendations For IBM Spectrum Protect Plus versions 10.1.0.0 through 10.1.9.2, consider restricting access to the Admin Console to minimize the risk of exploitation. For IBM Spectrum Copy Data Management versions 2.2.0.0 through 2.2.14.3, consider implementing connection limits to prevent Slowloris HTTP denial of service attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.