Cross-Site Request Forgery in IBM Spectrum Copy Data Management
CVE-2022-22479

5MEDIUM

Key Information:

Vendor: IBM
Status: Spectrum Copy Data Management
Vendor: CVE Published:; 10 June 2022

What is CVE-2022-22479?

IBM Spectrum Copy Data Management versions 2.2.0.0 through 2.2.15.0 have a vulnerability that allows for cross-site request forgery (CSRF). This security flaw enables an attacker to carry out unauthorized actions on behalf of trusted users, potentially compromising sensitive data and system integrity. Users and administrators must be aware of this vulnerability to ensure their environments are secure and take appropriate measures to mitigate risks.

Affected Version(s)

Spectrum Copy Data Management 2.2.0.0

Spectrum Copy Data Management 2.2.15.0

References

https://www.ibm.com/support/pages/node/6593721

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/225887

vdb-entryx_refsource_XF

CVSS V3.1

Score:

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 10, 2022
Vulnerability Reserved
Jan 3, 2022