{ "CVE_data_meta" : { "DATE_PUBLIC" : "2022-03-18T00:00:00", "ASSIGNER" : "psirt@us.ibm.com", "STATE" : "PUBLIC", "ID" : "CVE-2022-22394" }, "data_format" : "MITRE", "affects" : { "vendor" : { "vendor_data" : [ { "vendor_name" : "IBM", "product" : { "product_data" : [ { "version" : { "version_data" : [ { "version_value" : "8.1.14.000" } ] }, "product_name" : "Spectrum Protect Server" } ] } } ] } }, "data_type" : "CVE", "description" : { "description_data" : [ { "lang" : "eng", "value" : "The IBM Spectrum Protect 8.1.14.000 server could allow a remote attacker to bypass security restrictions, caused by improper enforcement of access controls. By signing in, an attacker could exploit this vulnerability to bypass security and gain unauthorized administrator or node access to the vulnerable server." } ] }, "impact" : { "cvssv3" : { "BM" : { "C" : "H", "UI" : "N", "SCORE" : "7.500", "I" : "H", "AV" : "N", "PR" : "L", "AC" : "H", "A" : "H", "S" : "U" }, "TM" : { "E" : "U", "RL" : "O", "RC" : "C" } } }, "data_version" : "4.0", "references" : { "reference_data" : [ { "name" : "https://www.ibm.com/support/pages/node/6564745", "url" : "https://www.ibm.com/support/pages/node/6564745", "title" : "IBM Security Bulletin 6564745 (Spectrum Protect Server)", "refsource" : "CONFIRM" }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/222147", "name" : "ibm-spectrum-cve202222394-priv-esc (222147)", "title" : "X-Force Vulnerability Report", "refsource" : "XF" } ] }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "value" : "Gain Privileges", "lang" : "eng" } ] } ] } }