How severe is CVE-2022-22472?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6 out of 10.

What type of vulnerability is CVE-2022-22472?

This is classified as CWE-281, which is a common weakness in software security.

CVE-2022-22472

MEDIUM Year: 2022

CVSS v3 Score

6.0

Medium

CVSS v2 Score

6.5

Medium

Weakness Type

CWE-281

View all →

Vulnerability Description

IBM Spectrum Protect Plus Container Backup and Restore (10.1.5 through 10.1.10.2 for Kubernetes and 10.1.7 through 10.1.10.2 for Red Hat OpenShift) could allow a remote attacker to bypass IBM Spectrum Protect Plus role based access control restrictions, caused by improper disclosure of session information. By retrieving the logs of a container an attacker could exploit this vulnerability to bypass login security of the IBM Spectrum Protect Plus server and gain unauthorized access based on the permissions of the IBM Spectrum Protect Plus user to the vulnerable Spectrum Protect Plus server software. IBM X-Force ID: 225340.

CVE-2022-4326

MEDIUM

CVSS:6.0(Medium)

Improper preservation of permissions vulnerability in Trellix Endpoint Agent (xAgent) prior to V35.31.22 on Windows allows a local user with administrator privileges to bypass the product protection t...

CWE-2812022

CVE-2024-52869

MEDIUM

CVSS:6.0(Medium)

Certain Teradata account-handling code through 2024-11-04, used with SUSE Enterprise Linux Server, mismanages groups. Specifically, when there is an operating system move from SUSE Enterprise Linux Se...

CWE-2812024

CVE-2022-32969

MEDIUM

CVSS:5.9(Medium)

MetaMask before 10.11.3 might allow an attacker to access a user's secret recovery phrase because an input field is used for a BIP39 mnemonic, and Firefox and Chromium save such fields to disk in orde...

CWE-2812022

CVE-2024-22121

MEDIUM

CVSS:6.1(Medium)

A non-admin user can change or remove important features within the Zabbix Agent application, thus impacting the integrity and availability of the application.

CWE-2812024

CVE-2024-4768

MEDIUM

CVSS:6.1(Medium)

A bug in popup notifications' interaction with WebAuthn made it easier for an attacker to trick a user into granting permissions. This vulnerability affects Firefox < 126, Firefox ESR < 115.11, and Th...

CWE-2812024

CVE-2024-50929

MEDIUM

CVSS:6.2(Medium)

Insecure permissions in Silicon Labs (SiLabs) Z-Wave Series 700 and 800 v7.21.1 allow attackers to arbitrarily change the device type in the controller's memory, leading to a Denial of Service (DoS).

CWE-2812024

CVE-2022-22472

Vulnerability Description

Related Vulnerabilities

CVE-2022-4326

CVE-2024-52869

CVE-2022-32969

CVE-2024-22121

CVE-2024-4768

CVE-2024-50929