VYPR
Unrated severity · NVD Advisory · Published Jun 10, 2022 · Updated Sep 16, 2024

CVE-2022-22426

Description

IBM Spectrum Copy Data Management Admin 2.2.0.0 through 2.2.15.0 could allow a local attacker to bypass authentication restrictions, caused by the lack of proper session management. An attacker could exploit this vulnerability to bypass authentication and gain unauthorized access to the Spectrum Copy Data Management catalog which contains metadata. IBM X-Force ID: 223718.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

IBM Spectrum Copy Data Management Admin 2.2.0.0 through 2.2.15.0 allows a local attacker to bypass authentication because of improper session management, gaining unauthorized access to catalog metadata.

Vulnerability

IBM Spectrum Copy Data Management Admin versions 2.2.0.0 through 2.2.15.0 are affected by a vulnerability in session management. The lack of proper session handling allows a local attacker to bypass authentication restrictions and gain unauthorized access to the Spectrum Copy Data Management catalog, which contains metadata [1].

Exploitation

An attacker with local access to the system can exploit this vulnerability without any authentication or user interaction. The attack complexity is high, as it requires local access and knowledge of the session management flaw [1]. The exact exploitation steps are not detailed in the available references, but the vulnerability is triggered by the absence of proper session validation.

Impact

Successful exploitation allows the attacker to bypass authentication and access the Spectrum Copy Data Management catalog, leading to unauthorized disclosure of metadata. The confidentiality impact is low, and there is no impact on integrity or availability [1].

Mitigation

IBM has released a fix for this vulnerability. Users should upgrade to IBM Spectrum Copy Data Management Admin version 2.2.16.0 or later as specified in the security bulletin [1]. No workarounds are documented.

AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

2

References

2
