CVE-2022-40608
Last modified
CVE-2022-40608 is a high-severity vulnerability rated 7.5/10 on the CVSS scale. IBM Spectrum Protect Plus 10.1.6 through 10.1.11 Microsoft File Systems restore operation can download any file on the target machine by manipulating the URL with a directory traversal attack. This results in the restore operation gaining access to files which the operator should not have access to. EPSS estimates a 1.59% chance of exploitation in the next 30 days.
Description
IBM Spectrum Protect Plus 10.1.6 through 10.1.11 Microsoft File Systems restore operation can download any file on the target machine by manipulating the URL with a directory traversal attack. This results in the restore operation gaining access to files which the operator should not have access to. IBM X-Force ID: 235873.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Ibm | Spectrum Protect Plus | >= 10.1.6, <= 10.1.11 |
References
- https://exchange.xforce.ibmcloud.com/vulnerabilities/235873VDB Entry, Vendor Advisory
- https://www.ibm.com/support/pages/node/6620209Vendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/235873VDB Entry, Vendor Advisory
- https://www.ibm.com/support/pages/node/6620209Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2022-40608?
How severe is CVE-2022-40608?
How do I fix CVE-2022-40608?
Are you affected by CVE-2022-40608?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST