cve-2022-22354
Vulnerability from cvelistv5
Published
2022-03-14 16:45
Modified
2024-09-17 03:08
Severity
Summary
IBM Spectrum Protect Plus 10.1.0.0 through 10.1.9.2 and IBM Spectrum Copy Data Management 2.2.0.0 through 2.2.14.3 do not limit the length of a connection which could allow for a Slowloris HTTP denial of service attack to take place. This can cause the Admin Console to become unresponsive. IBM X-Force ID: 220485.
References
Source | URL | Tags |
---|---|---|
psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/220485 | VDB Entry, Vendor Advisory |
psirt@us.ibm.com | https://www.ibm.com/support/pages/node/6562479 | Vendor Advisory |
psirt@us.ibm.com | https://www.ibm.com/support/pages/node/6562989 | Vendor Advisory |
Impacted products
Vendor | Product |
---|---|
IBM | Spectrum Copy Data Management |
IBM | Spectrum Protect Plus |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T03:14:54.716Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/6562479" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.ibm.com/support/pages/node/6562989" }, { "name": "ibm-spectrum-cve202222354-dos (220485)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/220485" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Spectrum Copy Data Management", "vendor": "IBM", "versions": [ { "status": "affected", "version": "2.2.0.0" }, { "status": "affected", "version": "2.2.14.3" } ] }, { "product": "Spectrum Protect Plus", "vendor": "IBM", "versions": [ { "status": "affected", "version": "10.1.0.0" }, { "status": "affected", "version": "10.1.9.2" } ] } ], "datePublic": "2022-03-11T00:00:00", "descriptions": [ { "lang": "en", "value": "IBM Spectrum Protect Plus 10.1.0.0 through 10.1.9.2 and IBM Spectrum Copy Data Management 2.2.0.0 through 2.2.14.3 do not limit the length of a connection which could allow for a Slowloris HTTP denial of service attack to take place. This can cause the Admin Console to become unresponsive. IBM X-Force ID: 220485." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "NONE", "privilegesRequired": "NONE", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "NONE", "vectorString": "CVSS:3.0/S:U/UI:N/AC:L/AV:L/I:N/A:H/PR:N/C:N/RL:O/E:U/RC:C", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Denial of Service", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-03-14T16:45:22", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/pages/node/6562479" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.ibm.com/support/pages/node/6562989" }, { "name": "ibm-spectrum-cve202222354-dos (220485)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/220485" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2022-03-11T00:00:00", "ID": "CVE-2022-22354", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Spectrum Copy Data Management", "version": { "version_data": [ { "version_value": "2.2.0.0" }, { "version_value": "2.2.14.3" } ] } }, { "product_name": "Spectrum Protect Plus", "version": { "version_data": [ { "version_value": "10.1.0.0" }, { "version_value": "10.1.9.2" } ] } } ] }, "vendor_name": "IBM" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "IBM Spectrum Protect Plus 10.1.0.0 through 10.1.9.2 and IBM Spectrum Copy Data Management 2.2.0.0 through 2.2.14.3 do not limit the length of a connection which could allow for a Slowloris HTTP denial of service attack to take place. This can cause the Admin Console to become unresponsive. IBM X-Force ID: 220485." } ] }, "impact": { "cvssv3": { "BM": { "A": "H", "AC": "L", "AV": "L", "C": "N", "I": "N", "PR": "N", "S": "U", "UI": "N" }, "TM": { "E": "U", "RC": "C", "RL": "O" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Denial of Service" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/pages/node/6562479", "refsource": "CONFIRM", "title": "IBM Security Bulletin 6562479 (Spectrum Copy Data Management)", "url": "https://www.ibm.com/support/pages/node/6562479" }, { "name": "https://www.ibm.com/support/pages/node/6562989", "refsource": "CONFIRM", "title": "IBM Security Bulletin 6562989 (Spectrum Protect Plus)", "url": "https://www.ibm.com/support/pages/node/6562989" }, { "name": "ibm-spectrum-cve202222354-dos (220485)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/220485" } ] } } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2022-22354", "datePublished": "2022-03-14T16:45:22.864779Z", "dateReserved": "2022-01-03T00:00:00", "dateUpdated": "2024-09-17T03:08:31.357Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2022-22354\",\"sourceIdentifier\":\"psirt@us.ibm.com\",\"published\":\"2022-03-14T17:15:08.040\",\"lastModified\":\"2022-03-22T14:49:37.177\",\"vulnStatus\":\"Analyzed\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"IBM Spectrum Protect Plus 10.1.0.0 through 10.1.9.2 and IBM Spectrum Copy Data Management 2.2.0.0 through 2.2.14.3 do not limit the length of a connection which could allow for a Slowloris HTTP denial of service attack to take place. This can cause the Admin Console to become unresponsive. IBM X-Force ID: 220485.\"},{\"lang\":\"es\",\"value\":\"IBM Spectrum Protect Plus versiones 10.1.0.0 hasta 10.1.9.2 e IBM Spectrum Copy Data Management versiones 2.2.0.0 hasta 2.2.14.3, no limitan la duraci\u00f3n de una conexi\u00f3n, lo que podr\u00eda permitir un ataque de denegaci\u00f3n de servicio HTTP Slowloris. Esto puede causar que la consola de administraci\u00f3n deje de responder. IBM X-Force ID: 220485\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"cvssMetricV30\":[{\"source\":\"psirt@us.ibm.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\",\"baseScore\":6.2,\"baseSeverity\":\"MEDIUM\"},\"exploitabilityScore\":2.5,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:N/I:N/A:P\",\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\",\"baseScore\":5.0},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:spectrum_copy_data_management:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.2.0.0\",\"versionEndExcluding\":\"2.2.15\",\"matchCriteriaId\":\"97BA0DB5-BB5C-471A-A409-1DB7ABD78CA2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:spectrum_protect_plus:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"10.1.0\",\"versionEndExcluding\":\"10.1.9.3\",\"matchCriteriaId\":\"E808AE8E-5D33-47ED-909E-26BCBCDB9599\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:a:linux:linux_kernel:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8BA79AC0-A0CC-4EE6-AEF5-9B8C8EA2C9F1\"}]}]}],\"references\":[{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/220485\",\"source\":\"psirt@us.ibm.com\",\"tags\":[\"VDB Entry\",\"Vendor Advisory\"]},{\"url\":\"https://www.ibm.com/support/pages/node/6562479\",\"source\":\"psirt@us.ibm.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.ibm.com/support/pages/node/6562989\",\"source\":\"psirt@us.ibm.com\",\"tags\":[\"Vendor Advisory\"]}]}}" } }
Loading...