IBM Spectrum Protect Plus 10.1.6-10.1.11 File-Download via URL Traversal
CVE-2022-40608 Published on September 19, 2022

IBM Spectrum Protect Plus 10.1.6 through 10.1.11 Microsoft File Systems restore operation can download any file on the target machine by manipulating the URL with a directory traversal attack. This results in the restore operation gaining access to files which the operator should not have access to. IBM X-Force ID: 235873.

NVD

Products Associated with CVE-2022-40608

Want to know whenever a new CVE is published for IBM Spectrum Protect Plus? stack.watch will email you.

IBM Spectrum Protect Plus

Affected Versions

IBM Spectrum Protect Plus:

Version 10.1.6 is affected.
Version 10.1.11 is affected.

Exploit Probability

EPSS

0.70%

Percentile

71.68%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

IBM Spectrum Protect Plus 10.1.6-10.1.11 File-Download via URL TraversalCVE-2022-40608 Published on September 19, 2022

Products Associated with CVE-2022-40608

Affected Versions

Exploit Probability

IBM Spectrum Protect Plus 10.1.6-10.1.11 File-Download via URL Traversal
CVE-2022-40608 Published on September 19, 2022