Vulnerabilities > CVE-2022-22485 - Improper Restriction of Excessive Authentication Attempts vulnerability in IBM Spectrum Protect Operations Center

CVSS 9.8 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

ibm

CWE-307

critical

NVD

Published: 2022-06-17

Updated: 2023-08-08

Summary

In some cases, an unsuccessful attempt to log into IBM Spectrum Protect Operations Center 8.1.0.000 through 8.1.14.000 does not cause the administrator's invalid sign-on count to be incremented on the IBM Spectrum Protect Server. An attacker could exploit this vulnerability using brute force techniques to gain unauthorized administrative access to the IBM Spectrum Protect Server. IBM X-Force ID: 226325.

Vulnerable Configurations

Part	Description	Count
Application	Ibm IBM Spectrum Protect Operations Center 8.1.0.000 IBM Spectrum Protect Operations Center 8.1.1.000 IBM Spectrum Protect Operations Center 8.1.2.000 IBM Spectrum Protect Operations Center 8.1.3.000 IBM Spectrum Protect Operations Center 8.1.4.000 IBM Spectrum Protect Operations Center 8.1.5.000 IBM Spectrum Protect Operations Center 8.1.6.000 IBM Spectrum Protect Operations Center 8.1.7.000 IBM Spectrum Protect Operations Center 8.1.8.000 IBM Spectrum Protect Operations Center 8.1.9.000 IBM Spectrum Protect Operations Center 8.1.10 IBM Spectrum Protect Operations Center 8.1.10.000 IBM Spectrum Protect Operations Center 8.1.10.200 IBM Spectrum Protect Operations Center 8.1.13.000 IBM Spectrum Protect Operations Center 8.1.14.000	15
OS	Ibm IBM AIX -	1
OS	Linux Linux Linux Kernel -	1
OS	Microsoft Microsoft Windows -	1

Common Weakness Enumeration (CWE)

CWE-307 - Improper Restriction of Excessive Authentication Attempts

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References