A vulnerability was found in IBM Spectrum Protect Operations Center up to 8.1.14.000 (Backup Software) and classified as problematic. Affected by this issue is an unknown part of the component Sign-on Handler. The manipulation with an unknown input leads to a excessive authentication vulnerability. Using CWE to declare the problem leads to CWE-307. The product does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame, making it more susceptible to brute force attacks. Impacted is confidentiality. CVE summarizes:

In some cases, an unsuccessful attempt to log into IBM Spectrum Protect Operations Center 8.1.0.000 through 8.1.14.000 does not cause the administrator's invalid sign-on count to be incremented on the IBM Spectrum Protect Server. An attacker could exploit this vulnerability using brute force techniques to gain unauthorized administrative access to the IBM Spectrum Protect Server. IBM X-Force ID: 226325.

The weakness was disclosed 06/17/2022. The advisory is shared for download at ibm.com. This vulnerability is handled as CVE-2022-22485 since 01/03/2022. There are neither technical details nor an exploit publicly available. The MITRE ATT&CK project declares the attack technique as T1110.001.

Upgrading eliminates this vulnerability.

The vulnerability is also documented in the vulnerability database at X-Force (226325).

Productinfo

Type

• Backup Software

Vendor

• IBM

Name

• Spectrum Protect Operations Center

Version

• 8.1.0
• 8.1.1
• 8.1.2
• 8.1.3
• 8.1.4
• 8.1.5
• 8.1.6
• 8.1.7
• 8.1.8
• 8.1.9
• 8.1.10
• 8.1.11
• 8.1.12
• 8.1.13
• 8.1.14

License

• commercial

CPE 2.3info

• 🔍
• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Discussion