PT-2022-15466 · IBM · IBM Spectrum Protect Server, IBM Spectrum Protect Storage Agents

Published

2022-06-30

·

Updated

2023-08-08

·

CVE-2022-22487

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

IBM Spectrum Protect Server versions 8.1.0.000 through 8.1.14

Description

A remote attacker could perform a brute-force attack by making an unlimited number of attempts to log in to the storage agent, because the administrative ID is never locked out. This could allow the attacker to gain unauthorized administrative access to both the IBM Spectrum Protect storage agent and the IBM Spectrum Protect Server with which it communicates.

Recommendations

For versions 8.1.0.000 through 8.1.14, consider implementing a lockout policy for the administrative ID after a specified number of failed login attempts to mitigate the risk of brute-force attacks. As a temporary workaround, restrict network access to the storage agent to minimize the risk of exploitation.

Fix

Weakness Enumeration

Improper Restriction of Excessive Authentication Attempts

Related Identifiers

CVE-2022-22487

Affected Products

IBM Spectrum Protect Server
IBM Spectrum Protect Storage Agents