Denial of Service Vulnerability in IBM Spectrum Protect Plus and IBM Spectrum Copy Data Management
CVE-2022-22354

6.2MEDIUM

Key Information:

Vendor

IBM
Status
Spectrum Copy Data Management
Spectrum Protect Plus
Vendor
CVE Published:
14 March 2022

What is CVE-2022-22354?

IBM Spectrum Protect Plus and IBM Spectrum Copy Data Management are vulnerable due to insufficient length limitations on incoming connections. This flaw could be exploited to initiate a Slowloris HTTP denial of service attack, leading to a potential unresponsive state for the Admin Console. This poses a risk for operational efficiency and accessibility of critical management interfaces, making it essential for users to ensure their systems are updated to the latest versions to mitigate this vulnerability.

Affected Version(s)

Spectrum Copy Data Management 2.2.0.0

Spectrum Copy Data Management 2.2.14.3

Spectrum Protect Plus 10.1.0.0

References

https://www.ibm.com/support/pages/node/6562479
x_refsource_CONFIRM
https://www.ibm.com/support/pages/node/6562989
x_refsource_CONFIRM
https://exchange.xforce.ibmcloud.com/vulnerabilities/220485
vdb-entryx_refsource_XF

CVSS V3.1

Score:
6.2
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.