CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0CVE-2022-31769
https://notcve.org/view.php?id=CVE-2022-31769
IBM Spectrum Copy Data Management 2.2.0.0 through 2.2.15.0 could allow a remote attacker to view product configuration information stored in PostgreSQL, which could be used in further attacks against the system. IBM X-Force ID: 228219. IBM Spectrum Copy Data Management versiones 2.2.0.0 hasta 2.2.15.0, podría permitir a un atacante remoto visualizar la información de configuración del producto almacenada en PostgreSQL, que podría usarse en otros ataques contra el sistema. IBM X-Force ID: 228219 • https://exchange.xforce.ibmcloud.com/vulnerabilities/228219 https://www.ibm.com/support/pages/node/6593721 •
CVSS: 5.4EPSS: 0%CPEs: 2EXPL: 0CVE-2022-30611
https://notcve.org/view.php?id=CVE-2022-30611
IBM Spectrum Copy Data Management 2.2.0.0 through 2.2.15.0 is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using some fields of the form in the portal UI to inject malicious script into a Web page which would be executed in a victim's Web browser within the security context of the hosting Web site, once the page is viewed. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. IBM X-Force ID: 227364. IBM Spectrum Copy Data Management versiones 2.2.0.0 hasta 2.2.15.0, es vulnerable a un ataque de tipo cross-site scripting, causado por una comprobación inapropiada de la entrada suministrada por el usuario. • https://exchange.xforce.ibmcloud.com/vulnerabilities/227364 https://www.ibm.com/support/pages/node/6593721 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.5EPSS: 0%CPEs: 2EXPL: 0CVE-2022-30610
https://notcve.org/view.php?id=CVE-2022-30610
IBM Spectrum Copy Data Management 2.2.0.0 through 2.2.15.0 is vulnerable to reverse tabnabbing where it could allow a page linked to from within IBM Spectrum Copy Data Management to rewrite it. An administrator could enter a link to a malicious URL that another administrator could then click. Once clicked, that malicious URL could then rewrite the original page with a phishing page. IBM X-Force ID: 227363. IBM Spectrum Copy Data Management versiones 2.2.0.0 hasta 2.2.15.0, es vulnerable a un tabnabbing inverso, que podría permitir reescribir una página enlazada desde IBM Spectrum Copy Data Management versiones. • https://exchange.xforce.ibmcloud.com/vulnerabilities/227363 https://www.ibm.com/support/pages/node/6593721 • CWE-269: Improper Privilege Management •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2022-22479
https://notcve.org/view.php?id=CVE-2022-22479
IBM Spectrum Copy Data Management 2.2.0.0through 2.2.15.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 225887. IBM Spectrum Copy Data Management versiones 2.2.0.0 hasta 2.2.15.0, es vulnerable a un ataque de tipo cross-site request forgery, lo que podría permitir a un atacante ejecutar acciones maliciosas y no autorizadas transmitidas desde un usuario en el que el sitio web confía. IBM X-Force ID: 225887 • https://exchange.xforce.ibmcloud.com/vulnerabilities/225887 https://www.ibm.com/support/pages/node/6593721 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 3.3EPSS: 0%CPEs: 2EXPL: 0CVE-2022-22426
https://notcve.org/view.php?id=CVE-2022-22426
IBM Spectrum Copy Data Management Admin 2.2.0.0 through 2.2.15.0 could allow a local attacker to bypass authentication restrictions, caused by the lack of proper session management. An attacker could exploit this vulnerability to bypass authentication and gain unauthorized access to the Spectrum Copy Data Management catalog which contains metadata. IBM X-Force ID: 223718. IBM Spectrum Copy Data Management Admin versiones 2.2.0.0 hasta 2.2.15.0, podría permitir a un atacante local omitir las restricciones de autenticación, causadas por la falta de una administración de sesiones apropiada. Un atacante podría aprovechar esta vulnerabilidad para omitir la autenticación y conseguir acceso no autorizado al catálogo de Spectrum Copy Data Management que contiene metadatos. • https://exchange.xforce.ibmcloud.com/vulnerabilities/223718 https://www.ibm.com/support/pages/node/6593721 •