CWE
269
Advisory Published
CVE Published
Updated

CVE-2022-30610

First published: Thu Jun 09 2022(Updated: )

IBM Spectrum Copy Data Management 2.2.0.0 through 2.2.15.0 is vulnerable to reverse tabnabbing where it could allow a page linked to from within IBM Spectrum Copy Data Management to rewrite it. An administrator could enter a link to a malicious URL that another administrator could then click. Once clicked, that malicious URL could then rewrite the original page with a phishing page. IBM X-Force ID: 227363.

Credit: psirt@us.ibm.com

Affected SoftwareAffected VersionHow to fix
IBM Spectrum Copy Data Management>=2.2.0.0<=2.2.15.0
Linux Linux kernel
<=2.2.0.0-2.2.15.0

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Parent vulnerabilities

(Appears in the following advisories)

Frequently Asked Questions

  • What is CVE-2022-30610?

    CVE-2022-30610 is a vulnerability in IBM Spectrum Copy Data Management that allows a malicious page to rewrite it through a technique called reverse tabnabbing.

  • How does IBM Spectrum Copy Data Management become vulnerable to reverse tabnabbing?

    IBM Spectrum Copy Data Management becomes vulnerable to reverse tabnabbing when an administrator enters a link to a malicious URL within the software.

  • What is the impact of CVE-2022-30610?

    The impact of CVE-2022-30610 is that it allows an attacker to redirect a user to a malicious website, potentially leading to further exploitation.

  • Which versions of IBM Spectrum Copy Data Management are affected by CVE-2022-30610?

    Versions 2.2.0.0-2.2.15.0 of IBM Spectrum Copy Data Management are affected by CVE-2022-30610.

  • How can the vulnerability CVE-2022-30610 be fixed?

    To fix the vulnerability CVE-2022-30610, it is recommended to update IBM Spectrum Copy Data Management to a version that is not affected by the vulnerability.

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203