How severe is CVE-2022-22487?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.9 out of 10.

What type of vulnerability is CVE-2022-22487?

This is classified as CWE-307, which is a common weakness in software security.

CVE-2022-22487 - MEDIUM Severity | CVSS 5.9

Vulnerability Description

An IBM Spectrum Protect storage agent could allow a remote attacker to perform a brute force attack by allowing unlimited attempts to login to the storage agent without locking the administrative ID. A remote attacker could exploit this vulnerability using brute force techniques to gain unauthorized administrative access to both the IBM Spectrum Protect storage agent and the IBM Spectrum Protect Server 8.1.0.000 through 8.1.14 with which it communicates. IBM X-Force ID: 226326.

Related Vulnerabilities

CVE-2019-4068

MEDIUM

CVSS:5.9(Medium)

IBM Intelligent Operations Center (IOC) 5.1.0 through 5.2.0 is vulnerable to user enumeration, allowing an attacker to brute force into the system. IBM X-Force ID: 157013.

CWE-3072019

CVE-2021-20415

MEDIUM

CVSS:5.9(Medium)

IBM Guardium Data Encryption (GDE) 4.0.0.4 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 196217.

CWE-3072021

CVE-2021-38890

MEDIUM

CVSS:5.9(Medium)

IBM Sterling Connect:Direct Web Services 1.0 and 6.0 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 209507.

CWE-3072021

CVE-2022-22485

MEDIUM

CVSS:5.9(Medium)

In some cases, an unsuccessful attempt to log into IBM Spectrum Protect Operations Center 8.1.0.000 through 8.1.14.000 does not cause the administrator's invalid sign-on count to be incremented on the...

CWE-3072022

CVE-2024-3202

MEDIUM

CVSS:5.9(Medium)

A vulnerability, which was classified as problematic, has been found in codelyfe Stupid Simple CMS 1.2.4. This issue affects some unknown processing of the component Login Page. The manipulation leads...

CWE-3072024

CVE-2014-2875

MEDIUM

CVSS:6.1(Medium)

The session.lua library in CGILua 5.2 alpha 1 and 5.2 alpha 2 uses weak session IDs generated based on OS time, which allows remote attackers to hijack arbitrary sessions via a brute force attack. NOT...

CWE-3072014