First published: Thu Jun 09 2022
IBM Spectrum Copy Data Management 2.2.0.0 through 2.2.15.0 is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using some fields of the form in the portal UI to inject malicious script into a Web page which would be executed in a victim's Web browser within the security context of the hosting Web site, once the page is viewed. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. IBM X-Force ID: 227364.
Credit: psirt@us.ibm.com
Affected Software | Affected Version | How to fix |
---|---|---|
IBM Spectrum Copy Data Management | >=2.2.0.0 <=2.2.15.0 | |
Linux Linux kernel | | |
 | <=2.2.0.0-2.2.15.0 | |
The vulnerability ID is CVE-2022-30611.
The severity rating of CVE-2022-30611 is medium (5.4).
IBM Spectrum Copy Data Management versions 2.2.0.0 through 2.2.15.0 are affected by CVE-2022-30611.
The vulnerability in IBM Spectrum Copy Data Management allows remote attackers to inject malicious scripts into web pages, which can be executed in a victim's browser.
To fix CVE-2022-30611, users should update to a version of IBM Spectrum Copy Data Management that is not affected by the vulnerability.