CVE-2022-22348
Description
IBM Spectrum Protect Operations Center 8.1.0.000 through 8.1.13.xxx is vulnerable to reverse tabnabbing where it could allow a page linked to from within Operations Center to rewrite it. An administrator could enter a link to a malicious URL that another administrator could then click. Once clicked, that malicious URL could then rewrite the original page with a phishing page. IBM X-Force ID: 220139.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
IBM Spectrum Protect Operations Center 8.1.0.000 through 8.1.13.xxx is vulnerable to reverse tabnabbing, allowing a malicious linked page to rewrite the original window with a phishing page.
Vulnerability
IBM Spectrum Protect Operations Center versions 8.1.0.000 through 8.1.13.xxx are vulnerable to reverse tabnabbing [1]. The vulnerability occurs because links within the Operations Center fail to include the rel="noopener noreferrer" attribute, allowing a linked page to control the window.opener object and potentially rewrite the origin page [1].
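The missing-attribute condition described above can be checked for and corrected in any markup that renders stored links. The following is an added example, not IBM's code or fix: it audits constructed sample HTML for links that open a new browsing context without rel="noopener" or "noreferrer", then rewrites them. All function names and the sample hosts are assumptions made for illustration.

```javascript
// Added example: audit and harden links that open a new browsing context.
// Regex-based so it runs in plain Node without dependencies; a production
// check should use a real HTML parser.
const ANCHOR = /<a(?=[\s>])[^>]*>/gi;
const ATTR_VALUE = `(?:"([^"]*)"|'([^']*)'|([^\\s>]+))`;

// Return the value of one attribute in a start tag, or null if it is absent.
function getAttr(tag, name) {
  const m = new RegExp(`\\s${name}\\s*=\\s*${ATTR_VALUE}`, 'i').exec(tag);
  return m ? (m[1] ?? m[2] ?? m[3] ?? '') : null;
}

// Exposed: the link opens a new window or tab and the opened page keeps
// window.opener (neither noopener nor noreferrer is set; noreferrer implies
// noopener).
function isExposed(tag) {
  const target = getAttr(tag, 'target');
  if (!target || /^_(self|parent|top)$/i.test(target)) return false;
  const rel = (getAttr(tag, 'rel') || '').toLowerCase().split(/\s+/);
  return !rel.includes('noopener') && !rel.includes('noreferrer');
}

// List the href of every exposed link in an HTML fragment.
function findExposedLinks(html) {
  return (html.match(ANCHOR) || []).filter(isExposed).map((t) => getAttr(t, 'href'));
}

// Rewrite exposed links so they carry rel="noopener noreferrer",
// keeping any rel tokens that were already present.
function hardenLinks(html) {
  return html.replace(ANCHOR, (tag) => {
    if (!isExposed(tag)) return tag;
    const rel = getAttr(tag, 'rel');
    if (rel === null) return tag.replace(/\s*\/?>$/, ' rel="noopener noreferrer">');
    const tokens = new Set([...rel.split(/\s+/).filter(Boolean), 'noopener', 'noreferrer']);
    const relAttr = new RegExp(`\\srel\\s*=\\s*${ATTR_VALUE}`, 'i');
    return tag.replace(relAttr, () => ` rel="${[...tokens].join(' ')}"`);
  });
}

// Constructed sample markup; the hosts are placeholders.
const SAMPLE = [
  '<a href="https://docs.example/help" target="_blank">Help</a>',
  '<a href="https://kb.example/a" target="_blank" rel="nofollow">KB</a>',
  '<a href="https://ok.example/" target="_blank" rel="noopener noreferrer">OK</a>',
  '<a href="/local">Local</a>',
].join('\n');
```

Links whose target is a named window (anything other than _self, _parent or _top) are treated as exposed too, since they also open a new browsing context.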
Exploitation
An attacker must convince an administrator with access to the Operations Center to click on a crafted link that points to a malicious URL [1]. The attacker first needs to enter or inject this malicious link into a location accessible within Operations Center (e.g., as part of a configuration or stored content) [1]. When the target administrator clicks the link, the malicious page can then modify the original Operations Center page using the window.opener interface [1].
Impact
If successfully exploited, the attacker could rewrite the original Operations Center page with a phishing page or other malicious content [1]. This could lead to disclosure of sensitive information or credential theft from administrators who trust the original interface [1]. The CVSSv3 base score is 4.0, with a vector of AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N, indicating low confidentiality and integrity impact [1].
Mitigation
IBM provides a fix in IBM Spectrum Protect Operations Center version 8.1.14.0 and later [1]. For affected versions between 8.1.0.000 and 8.1.13.xxx, administrators should upgrade to the latest available release [1]. No workarounds are documented [1].
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Range: >=8.1.0.000 <=8.1.13.xxx
- IBM/Spectrum Protect Operations Center (v5), Range: 8.1.0.000
Patches
No patches discovered yet.
References
- exchange.xforce.ibmcloud.com/vulnerabilities/220139 (mitre, vdb-entry, x_refsource_XF)
- www.ibm.com/support/pages/node/6562855 (mitre, x_refsource_CONFIRM)