What is CVE-2022-22478?

CVE-2022-22478 is a vulnerability in IBM Spectrum Protect Client 8.1.0.0 through 8.1.14.0 that allows a local user to read user credentials stored in plain clear text.

How severe is CVE-2022-22478?

CVE-2022-22478 has a severity rating of 6.2 (Medium).

How can I verify if my IBM Spectrum Protect Client is affected by CVE-2022-22478?

You can check the version of your IBM Spectrum Protect Client. If it is version 8.1.0.0 through 8.1.14.0, then it is affected.

What is the impact of CVE-2022-22478?

The impact of CVE-2022-22478 is that a local user can read user credentials stored in plain clear text, potentially leading to unauthorized access to sensitive information.

How can I mitigate CVE-2022-22478?

To mitigate CVE-2022-22478, upgrade to a version of IBM Spectrum Protect Client that is not affected by the vulnerability or apply any patches or fixes provided by IBM.

Vulnerability/
CVE-2022-22478

medium

6.2

CWE

312

29/6/2022

30/6/2022

16/9/2024

CVE-2022-22478

First published: Wed Jun 29 2022(Updated: )

IBM Spectrum Protect Client 8.1.0.0 through 8.1.14.0 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 225886.

Credit: psirt@us.ibm.com

Affected Software	Affected Version	How to fix
IBM Spectrum Protect client	>=8.1.0.0<=8.1.14.0
Apple macOS
HP HP-UX
IBM AIX
Linux Linux kernel
Microsoft Windows
Oracle Solaris
	<=8.1.0.0-8.1.14.0

Remedy

https://www.ibm.com/support/pages/node/6596741

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

IBM-6596741

Frequently Asked Questions

What is CVE-2022-22478?
CVE-2022-22478 is a vulnerability in IBM Spectrum Protect Client 8.1.0.0 through 8.1.14.0 that allows a local user to read user credentials stored in plain clear text.
How severe is CVE-2022-22478?
CVE-2022-22478 has a severity rating of 6.2 (Medium).
How can I verify if my IBM Spectrum Protect Client is affected by CVE-2022-22478?
You can check the version of your IBM Spectrum Protect Client. If it is version 8.1.0.0 through 8.1.14.0, then it is affected.
What is the impact of CVE-2022-22478?
The impact of CVE-2022-22478 is that a local user can read user credentials stored in plain clear text, potentially leading to unauthorized access to sensitive information.
How can I mitigate CVE-2022-22478?
To mitigate CVE-2022-22478, upgrade to a version of IBM Spectrum Protect Client that is not affected by the vulnerability or apply any patches or fixes provided by IBM.

collector/nvd-index
agent/references
agent/type
agent/first-publish-date
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/remedy
agent/weakness
agent/author
agent/severity
agent/softwarecombine
agent/tags
agent/description
agent/event
collector/ibm-support
source/IBM
agent/software-canonical-lookup
vendor/ibm
canonical/ibm spectrum protect client
version/ibm spectrum protect client/8.1.0.0
version/ibm spectrum protect client/8.1.14.0
vendor/apple
canonical/apple macos
vendor/hp
canonical/hp hp-ux
canonical/ibm aix
vendor/linux
canonical/linux linux kernel
vendor/microsoft
canonical/microsoft windows
vendor/oracle
canonical/oracle solaris
version/ibm spectrum protect client/8.1.0.0-8.1.14.0

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.