IBM Spectrum Protect Plus 10.1.11 Exposes Private Key in TLS .crt File
CVE-2022-40234 Published on September 19, 2022
Versions of IBM Spectrum Protect Plus prior to 10.1.12 (excluding 10.1.12) include the private key information for a certificate inside the generated .crt file when uploading a TLS certificate to IBM Spectrum Protect Plus. If this generated .crt file is shared, an attacker can obtain the private key information for the uploaded certificate. IBM X-Force ID: 235718.
Products Associated with CVE-2022-40234
Want to know whenever a new CVE is published for IBM Spectrum Protect Plus? stack.watch will email you.
Affected Versions
IBM Spectrum Protect Plus:- Version 10.1.0 is affected.
- Version 10.1.11 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.