CVE-2022-22472

Name of the Vulnerable Software and Affected Versions IBM Spectrum Protect Plus Container Backup and Restore versions 10.1.5 through 10.1.10.2 for Kubernetes IBM Spectrum Protect Plus Container Backup and Restore versions 10.1.7 through 10.1.10.2 for Red Hat OpenShift

Description The issue is caused by improper disclosure of session information, allowing a remote attacker to bypass role-based access control restrictions. By retrieving the logs of a container, an attacker could exploit this to bypass login security and gain unauthorized access based on the permissions of the IBM Spectrum Protect Plus user.

Recommendations For versions 10.1.5 through 10.1.10.2 for Kubernetes, consider restricting access to the container logs to minimize the risk of exploitation. For versions 10.1.7 through 10.1.10.2 for Red Hat OpenShift, consider restricting access to the container logs to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.