PT-2022-15425 · IBM · IBM Spectrum Copy Data Management
Published: 2022-06-10 · Updated: 2023-08-08 · CVE-2022-22426
CVSS v3.1: 3.3 (Low)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions
IBM Spectrum Copy Data Management Admin versions 2.2.0.0 through 2.2.15.0
Description
The issue is caused by the lack of proper session management, allowing a local attacker to bypass authentication restrictions. This could enable an attacker to gain unauthorized access to the Spectrum Copy Data Management catalog, which contains metadata.
Recommendations
For versions 2.2.0.0 through 2.2.15.0, update to a version that includes proper session management to prevent authentication bypass. As a temporary workaround, consider implementing additional authentication measures to restrict access to the Spectrum Copy Data Management catalog.
Fix
Related Identifiers
Affected Products
IBM Spectrum Copy Data Management