CVE-2022-22396
First published: Thu Jun 02 2022(Updated: )
Credentials are printed in clear text in the IBM Spectrum Protect Plus 10.1.0.0 through 10.1.9.3 virgo log file in certain cases. Credentials could be the remote vSnap, offload targets, or VADP credentials depending on the operation performed. Credentials that are using API key or certificate are not printed. IBM X-Force ID: 222231.
Credit: psirt@us.ibm.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IBM Spectrum Protect Plus | >=10.1.0<10.1.10 | |
| Linux Linux kernel | ||
| <=10.1.0.0-10.1.9.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2022-22396?
The severity of CVE-2022-22396 is high.
How are credentials exposed in CVE-2022-22396?
Credentials are printed in clear text in the IBM Spectrum Protect Plus virgo log file in certain cases.
Which software versions are affected by CVE-2022-22396?
IBM Spectrum Protect Plus versions 10.1.0.0 through 10.1.9.3 are affected by CVE-2022-22396.
How can I fix CVE-2022-22396?
Upgrade to IBM Spectrum Protect Plus version 10.1.10 or higher to fix CVE-2022-22396.
Where can I find more information about CVE-2022-22396?
More information about CVE-2022-22396 can be found on the IBM X-Force Exchange website and the IBM Support pages.
- collector/nvd-index
- agent/references
- agent/type
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/author
- agent/weakness
- agent/last-modified-date
- agent/tags
- agent/softwarecombine
- agent/event
- agent/description
- collector/ibm-support
- source/IBM
- agent/software-canonical-lookup
- vendor/ibm
- canonical/ibm spectrum protect plus
- version/ibm spectrum protect plus/10.1.0
- vendor/linux
- canonical/linux linux kernel
- version/ibm spectrum protect plus/10.1.0.0-10.1.9.3