nvd-json-data-feeds/CVE-2022/CVE-2022-224xx/CVE-2022-22485.json

{
  "id": "CVE-2022-22485",
  "sourceIdentifier": "psirt@us.ibm.com",
  "published": "2022-06-17T16:15:08.563",
  "lastModified": "2022-06-28T13:54:09.010",
  "vulnStatus": "Analyzed",
  "descriptions": [
    {
      "lang": "en",
      "value": "In some cases, an unsuccessful attempt to log into IBM Spectrum Protect Operations Center 8.1.0.000 through 8.1.14.000 does not cause the administrator's invalid sign-on count to be incremented on the IBM Spectrum Protect Server. An attacker could exploit this vulnerability using brute force techniques to gain unauthorized administrative access to the IBM Spectrum Protect Server. IBM X-Force ID: 226325."
    },
    {
      "lang": "es",
      "value": "En algunos casos, un intento fallido de iniciar sesi\u00f3n en IBM Spectrum Protect Operations Center versiones 8.1.0.000 hasta 8.1.14.000, no causa que el recuento de inicios de sesi\u00f3n no v\u00e1lidos del administrador sea incrementado en el servidor de IBM Spectrum Protect. Un atacante podr\u00eda aprovechar esta vulnerabilidad usando t\u00e9cnicas de fuerza bruta para conseguir acceso administrativo no autorizado al servidor IBM Spectrum Protect. IBM X-Force ID: 226325"
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "NONE",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9
      }
    ],
    "cvssMetricV30": [
      {
        "source": "psirt@us.ibm.com",
        "type": "Secondary",
        "cvssData": {
          "version": "3.0",
          "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "attackVector": "NETWORK",
          "attackComplexity": "HIGH",
          "privilegesRequired": "NONE",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.9,
          "baseSeverity": "MEDIUM"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 3.6
      }
    ],
    "cvssMetricV2": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "2.0",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "accessVector": "NETWORK",
          "accessComplexity": "LOW",
          "authentication": "NONE",
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5
        },
        "baseSeverity": "HIGH",
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "acInsufInfo": false,
        "obtainAllPrivilege": false,
        "obtainUserPrivilege": false,
        "obtainOtherPrivilege": false,
        "userInteractionRequired": false
      }
    ]
  },
  "weaknesses": [
    {
      "source": "nvd@nist.gov",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-287"
        }
      ]
    }
  ],
  "configurations": [
    {
      "operator": "AND",
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:ibm:spectrum_protect_operations_center:*:*:*:*:*:*:*:*",
              "versionStartIncluding": "8.1.0.000",
              "versionEndIncluding": "8.1.14.000",
              "matchCriteriaId": "C0B4D03E-C69B-4ECA-820C-27659A132230"
            }
          ]
        },
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": false,
              "criteria": "cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E492C463-D76E-49B7-A4D4-3B499E422D89"
            },
            {
              "vulnerable": false,
              "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"
            },
            {
              "vulnerable": false,
              "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/226325",
      "source": "psirt@us.ibm.com",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ]
    },
    {
      "url": "https://www.ibm.com/support/pages/node/6595655",
      "source": "psirt@us.ibm.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ]
    }
  ]
}