PT-2022-15409 · IBM · IBM Spectrum Protect Plus

Published: 2022-06-06 · Updated: 2022-06-14 · CVE-2022-22396

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

IBM Spectrum Protect Plus versions 10.1.0.0 through 10.1.9.3

Description

The issue involves credentials being printed in clear text in the virgo log file under certain conditions. These credentials could include those for remote vSnap, offload targets, or VADP, depending on the operation being performed. However, credentials using API keys or certificates are not affected.

Recommendations

For versions 10.1.0.0 through 10.1.9.3, consider restricting access to the virgo log file to minimize the risk of credential exposure until a patch is available. As a temporary workaround, review and limit the use of operations that involve printing credentials to the log file.

Fix

Insufficiently Protected Credentials


Weakness Enumeration

Related Identifiers

CVE-2022-22396

Affected Products

IBM Spectrum Protect Plus