CVE-2022-40608

MEDIUM 5.9

CVSS Score

5.9

EPSS Score

0.0%

EPSS Percentile

0th

IBM Spectrum Protect Plus 10.1.6 through 10.1.11 Microsoft File Systems restore operation can download any file on the target machine by manipulating the URL with a directory traversal attack. This results in the restore operation gaining access to files which the operator should not have access to. IBM X-Force ID: 235873.

Vendor	ibm
Product	spectrum protect plus
Published	Sep 19, 2022
Last Updated	Sep 17, 2024

Stay Ahead of the Next One

Get instant alerts for ibm spectrum protect plus

Be the first to know when new medium vulnerabilities affecting ibm spectrum protect plus are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.0/A:N/I:N/PR:N/AC:H/C:H/AV:N/UI:N/S:U/RC:C/E:U/RL:O

Affected Versions

IBM / Spectrum Protect Plus

10.1.6 10.1.11

References

NVD ↗ CVE.org ↗ EPSS Data ↗

ibm.com: https://www.ibm.com/support/pages/node/6620209 exchange.xforce.ibmcloud.com: https://exchange.xforce.ibmcloud.com/vulnerabilities/235873