CVE-2022-30610

Name of the Vulnerable Software and Affected Versions IBM Spectrum Copy Data Management versions 2.2.0.0 through 2.2.15.0

Description The issue allows a page linked to from within IBM Spectrum Copy Data Management to rewrite it, potentially leading to phishing attacks. An administrator could enter a link to a malicious URL that another administrator could then click, resulting in the malicious URL rewriting the original page with a phishing page.

Recommendations For versions 2.2.0.0 through 2.2.15.0, consider restricting access to external links within IBM Spectrum Copy Data Management to minimize the risk of exploitation. As a temporary workaround, administrators should be cautious when clicking on links provided by other administrators to avoid potential phishing attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.