First published: Thu Jun 09 2022(Updated: )
IBM Spectrum Copy Data Management 2.2.0.0 through 2.2.15.0 is vulnerable to reverse tabnabbing where it could allow a page linked to from within IBM Spectrum Copy Data Management to rewrite it. An administrator could enter a link to a malicious URL that another administrator could then click. Once clicked, that malicious URL could then rewrite the original page with a phishing page. IBM X-Force ID: 227363.
Credit: psirt@us.ibm.com
Affected Software | Affected Version | How to fix |
---|---|---|
IBM Spectrum Copy Data Management | >=2.2.0.0<=2.2.15.0 | |
Linux Linux kernel | ||
<=2.2.0.0-2.2.15.0 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2022-30610 is a vulnerability in IBM Spectrum Copy Data Management that allows a malicious page to rewrite it through a technique called reverse tabnabbing.
IBM Spectrum Copy Data Management becomes vulnerable to reverse tabnabbing when an administrator enters a link to a malicious URL within the software.
The impact of CVE-2022-30610 is that it allows an attacker to redirect a user to a malicious website, potentially leading to further exploitation.
Versions 2.2.0.0-2.2.15.0 of IBM Spectrum Copy Data Management are affected by CVE-2022-30610.
To fix the vulnerability CVE-2022-30610, it is recommended to update IBM Spectrum Copy Data Management to a version that is not affected by the vulnerability.