PT-2022-15465 · IBM · IBM Spectrum Protect Server
Published 2022-06-17 · Updated 2023-08-08
CVE-2022-22485
CVSS v3.1: 9.8 (Critical)
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
IBM Spectrum Protect Operations Center versions 8.1.0.000 through 8.1.14.000
Description
The vulnerability allows a remote attacker to gain unauthorized administrative access to the IBM Spectrum Protect Server by brute-forcing administrator credentials. This is possible because, in some cases, an unsuccessful login attempt does not increment the administrator's invalid sign-on count on the IBM Spectrum Protect Server, so repeated guesses are not counted against the lockout limit.
Recommendations
For versions 8.1.0.000 through 8.1.14.000, consider implementing additional measures to counter brute-force attacks, such as limiting the number of login attempts or temporarily disabling login functionality until a fix is available. Restrict network access to the IBM Spectrum Protect Server to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Weakness Enumeration
Improper Restriction of Excessive Authentication Attempts
Related Identifiers
CVE-2022-22485
Affected Products
IBM Spectrum Protect Operations Center
IBM Spectrum Protect Server