CVE-2022-40608

CVSS 5.9 MEDIUMEPSS 1.6%

Vexday Risk Score

13Bajo

Decisión SSVC (CISA)

Track

Sin señal de explotación → monitorear

CVSS 5.9EPSS 1.6%KEV nãoPoC —Nuclei —Metasploit —Patch —

Ciclo de vida

19 sep 2022Publicada en NVD

Recomendación: Monitorear — sin señal de explotación por ahora.

IBM Spectrum Protect Plus 10.1.6 through 10.1.11 Microsoft File Systems restore operation can download any file on the target machine by manipulating the URL with a directory traversal attack. This results in the restore operation gaining access to files which the operator should not have access to. IBM X-Force ID: 235873.

CVSS:3.0/A:N/I:N/PR:N/AC:H/C:H/AV:N/UI:N/S:U/RC:C/E:U/RL:O

Productos afectados

IBM · Spectrum Protect Plus

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://exchange.xforce.ibmcloud.com/vulnerabilities/235873 https://www.ibm.com/support/pages/node/6620209