Directory Traversal Vulnerability in IBM Spectrum Protect Plus Software
CVE-2022-40608

5.9MEDIUM

Key Information:

Vendor: IBM
Status: Spectrum Protect Plus
Vendor: CVE Published:; 19 September 2022

Summary

In IBM Spectrum Protect Plus versions 10.1.6 to 10.1.11, a directory traversal vulnerability allows attackers to manipulate the URL during Microsoft File Systems restore operations. This flaw can lead to unauthorized access to sensitive files on the target machine, posing a significant risk to data security and integrity. Operators may inadvertently restore files that should remain protected, making it crucial for users to apply security patches and monitor their systems for potential exploits.

Affected Version(s)

Spectrum Protect Plus 10.1.6

Spectrum Protect Plus 10.1.11

References

https://www.ibm.com/support/pages/node/6620209

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/235873

vdb-entryx_refsource_XF

CVSS V3.1

Score:

5.9

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Sep 19, 2022
Vulnerability Reserved
Sep 12, 2022