Local Information Disclosure in IBM Spectrum Protect Operations Center
CVE-2022-22484

5.1MEDIUM

Key Information:

Vendor: IBM
Status: Spectrum Protect Operations Center
Vendor: CVE Published:; 17 May 2022

Summary

IBM Spectrum Protect Operations Center versions 8.1.12 and 8.1.13 are susceptible to a vulnerability that may expose plain text user account passwords within the browser's application command history. This can enable a local attacker to retrieve stored passwords by accessing the browser history, resulting in unauthorized access to other user accounts. Organizations using these versions should take immediate action to mitigate this risk and secure their user credentials.

Affected Version(s)

Spectrum Protect Operations Center 8.1.13

Spectrum Protect Operations Center 8.1.12

References

https://www.ibm.com/support/pages/node/6586314

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/226322

vdb-entryx_refsource_XF

CVSS V3.1

Score:

5.1

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 17, 2022
Vulnerability Reserved
Jan 3, 2022