Cross-Site Scripting in IBM Spectrum Copy Data Management
CVE-2022-30611

5.4MEDIUM

Key Information:

Vendor: IBM
Status: Spectrum Copy Data Management
Vendor: CVE Published:; 10 June 2022

Summary

IBM Spectrum Copy Data Management versions 2.2.0.0 through 2.2.15.0 are susceptible to cross-site scripting due to inadequate validation of user-generated input. This vulnerability allows remote attackers to inject malicious scripts via specific fields in the portal UI, potentially leading to the execution of harmful scripts in the context of the victim's browser. Successful exploitation could enable attackers to capture cookie-based authentication credentials from unsuspecting users, posing significant security risks.

Affected Version(s)

Spectrum Copy Data Management 2.2.0.0

Spectrum Copy Data Management 2.2.15.0

References

https://www.ibm.com/support/pages/node/6593721

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/227364

vdb-entryx_refsource_XF

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Jun 10, 2022
Vulnerability Reserved
May 12, 2022