VYPR
Unrated severity · NVD Advisory · Published May 17, 2022 · Updated Sep 16, 2024

CVE-2022-22484

Description

IBM Spectrum Protect Operations Center 8.1.12 and 8.1.13 could allow a local attacker to obtain sensitive information, caused by plain text user account passwords potentially being stored in the browser's application command history. By accessing browser history, an attacker could exploit this vulnerability to obtain other user accounts' passwords. IBM X-Force ID: 226322.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

IBM Spectrum Protect Operations Center 8.1.12 and 8.1.13 stores plain text passwords in browser command history, allowing local attackers to obtain other user credentials.

Vulnerability

IBM Spectrum Protect Operations Center versions 8.1.12.000 through 8.1.13.xxx [1] store user account passwords in plain text in the browser's application command history. The vulnerability is present when a user accesses the Operations Center via a web browser, as the application passes credentials on the command line or in a URL that is then recorded by the browser's history feature. No special configuration or additional components are required for the vulnerable code path to be reachable.

Exploitation

An attacker must have local access to the machine where the browser history is stored. No authentication or special privileges are needed on the victim's system beyond being able to read the browser history data. The exploit involves the attacker accessing the saved browser history (e.g., via the browser's history file or UI) and locating the entries containing the plain text passwords for other user accounts used with IBM Spectrum Protect Operations Center.

Impact

On successful exploitation, the attacker gains the plain text passwords of other user accounts that have been used to log into IBM Spectrum Protect Operations Center from that browser. The impact is primarily confidentiality, with a CVSS v3.0 base score of 5.1 (AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N) [1]. The attacker does not gain elevated privileges directly, but the stolen credentials can be used to impersonate or access resources associated with the compromised accounts.

Mitigation

IBM has not released a fix for this vulnerability as of the publication date (13 May 2022) [1]. The advisory states no workarounds or mitigations are available [1]. Users should ensure that browser history is cleared after each session and that the machine is physically secure. Organizations should monitor for updates on the IBM support page for affected versions 8.1.12.000 through 8.1.13.xxx [1]. This CVE is not on the CISA Known Exploited Vulnerabilities (KEV) list.

AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

2

Patches

0

No patches discovered yet.

References

2
