CVE-2022-22494
Description
IBM Spectrum Protect Operations Center 8.1.0.000 through 8.1.14 could allow a remote attacker to gain details of the database, such as type and version, by sending a specially-crafted HTTP request. This information could then be used in future attacks. IBM X-Force ID: 226940.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
IBM Spectrum Protect Operations Center 8.1.0.000 through 8.1.14 discloses database details via a specially-crafted HTTP request, aiding future attacks.
Vulnerability
IBM Spectrum Protect Operations Center versions 8.1.0.000 through 8.1.14 are vulnerable to an information disclosure issue. A remote attacker can send a specially-crafted HTTP request that causes the application to return error messages containing database type and version details [1]. No authentication is required to trigger this condition.
Exploitation
An unauthenticated remote attacker can exploit this vulnerability by sending a crafted HTTP request to the affected server. The request triggers error responses that leak sensitive database metadata. The attack complexity is high (per CVSS vector), but no user interaction is required [1].
Impact
Successful exploitation allows the attacker to obtain the database type and version. This information has low direct confidentiality impact but can be leveraged to tailor further attacks against the database. The vulnerability does not allow modification or deletion of data [1].
Mitigation
As of the publication date, no fix is available. IBM has not released a patched version beyond 8.1.14 and no workarounds are documented [1]. Users should monitor IBM's security advisories for updates and consider network-level restrictions to limit exposure.
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2- Range: 8.1.0.000 - 8.1.14
- IBM/Spectrum Protect Operations Centerv5Range: 8.1.0.000
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
2- exchange.xforce.ibmcloud.com/vulnerabilities/226940mitrevdb-entryx_refsource_XF
- www.ibm.com/support/pages/node/6596883mitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.