CVE-2022-40234

MEDIUM 5.9

CVSS Score

5.9

EPSS Score

0.0%

EPSS Percentile

0th

Versions of IBM Spectrum Protect Plus prior to 10.1.12 (excluding 10.1.12) include the private key information for a certificate inside the generated .crt file when uploading a TLS certificate to IBM Spectrum Protect Plus. If this generated .crt file is shared, an attacker can obtain the private key information for the uploaded certificate. IBM X-Force ID: 235718.

Vendor	ibm
Product	spectrum protect plus
Published	Sep 19, 2022
Last Updated	Sep 16, 2024

Stay Ahead of the Next One

Get instant alerts for ibm spectrum protect plus

Be the first to know when new medium vulnerabilities affecting ibm spectrum protect plus are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.0/AV:N/UI:N/S:U/I:N/A:N/AC:H/PR:N/C:H/RC:C/E:U/RL:O

Affected Versions

IBM / Spectrum Protect Plus

10.1.0 10.1.11

References

NVD ↗ CVE.org ↗ EPSS Data ↗

ibm.com: https://www.ibm.com/support/pages/node/6619947 exchange.xforce.ibmcloud.com: https://exchange.xforce.ibmcloud.com/vulnerabilities/235718