CVE-2022-30610
Description
IBM Spectrum Copy Data Management 2.2.0.0 through 2.2.15.0 is vulnerable to reverse tabnabbing where it could allow a page linked to from within IBM Spectrum Copy Data Management to rewrite it. An administrator could enter a link to a malicious URL that another administrator could then click. Once clicked, that malicious URL could then rewrite the original page with a phishing page. IBM X-Force ID: 227363.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
IBM Spectrum Copy Data Management 2.2.0.0 through 2.2.15.0 is vulnerable to reverse tabnabbing, allowing an attacker to rewrite pages with a phishing page.
Vulnerability
IBM Spectrum Copy Data Management versions 2.2.0.0 through 2.2.15.0 are vulnerable to reverse tabnabbing. The vulnerability occurs when an administrator adds a link to a malicious URL; when another administrator clicks that link, the original page can be rewritten by the linked page. This is due to insufficient validation of the target attribute or lack of rel="noopener noreferrer" on external links.
Exploitation
An attacker must have administrator privileges to insert a malicious link into the application (e.g., in a configuration field or report). The attacker then lures another administrator into clicking the link, which opens a new tab or window. The malicious page can then use window.opener to modify the original page's content, presenting a phishing form.
Impact
If successful, an attacker can overwrite the legitimate IBM Spectrum Copy Data Management interface with a phishing page, potentially stealing credentials or other sensitive information from the victim administrator. The attack targets the integrity and confidentiality of user data via social engineering.
Mitigation
IBM has released a fix as part of a security update. Administrators should upgrade to the latest version of IBM Spectrum Copy Data Management as specified in the security bulletin [1]. No workarounds are available.
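The Vulnerability and Exploitation paragraphs above tie the issue to links that open a new tab without rel="noopener noreferrer", which leaves window.opener available to the linked page. As an added example (not IBM's fix and not code from this page), the following Node.js check flags such links in rendered HTML you control; the function names and the sample markup are constructed for illustration.

```javascript
// Added example: find links that hand window.opener to the page they open.
// Targets that stay in the current browsing context never create an opener.
const SAME_CONTEXT = new Set(["", "_self", "_parent", "_top"]);

// Parse the attribute text of one opening tag into a lower-cased name -> value map.
function parseAttrs(text) {
  const attrs = {};
  const re = /([^\s"'<>\/=]+)(?:\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>]+)))?/g;
  let m;
  while ((m = re.exec(text)) !== null) {
    attrs[m[1].toLowerCase()] = m[2] ?? m[3] ?? m[4] ?? "";
  }
  return attrs;
}

// Return one finding per <a>/<area> link that opens a new browsing context
// without rel=noopener (rel=noreferrer also implies noopener).
function findOpenerLeaks(html) {
  const findings = [];
  const tagRe = /<(?:a|area)(?=[\s\/>])((?:"[^"]*"|'[^']*'|[^'">])*)>/gi;
  let m;
  while ((m = tagRe.exec(html)) !== null) {
    const attrs = parseAttrs(m[1]);
    const target = (attrs.target || "").trim().toLowerCase();
    if (!("href" in attrs) || SAME_CONTEXT.has(target)) continue;
    const rel = new Set((attrs.rel || "").toLowerCase().split(/\s+/).filter(Boolean));
    if (rel.has("noopener") || rel.has("noreferrer")) continue;
    findings.push({
      href: attrs.href,
      target,
      rel: [...rel].join(" "),
      // Current browsers imply noopener only for target=_blank without
      // rel=opener; named targets and rel=opener still expose window.opener.
      legacyBrowsersOnly: target === "_blank" && !rel.has("opener"),
    });
  }
  return findings;
}

// Constructed sample markup (hosts are placeholders).
const SAMPLE = `
<a href="https://docs.example.test/guide">same tab</a>
<a href="https://ext.example.test/a" target="_blank">new tab</a>
<a href="https://ext.example.test/b" target="report" rel="nofollow">named window</a>
<a href='https://ext.example.test/c' target=_blank rel="noopener noreferrer">hardened</a>
<area href="https://ext.example.test/d" target="_BLANK" rel="opener">
`;
console.log(findOpenerLeaks(SAMPLE));
```

Findings with legacyBrowsersOnly set to false deserve attention first, since the browser's default handling of target=_blank does not cover them.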
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Range: 2.2.0.0 - 2.2.15.0
- IBM/Spectrum Copy Data Management (v5), Range: 2.2.0.0
Patches
No patches discovered yet.
References
- exchange.xforce.ibmcloud.com/vulnerabilities/227363 (mitre, vdb-entry, x_refsource_XF)
- www.ibm.com/support/pages/node/6593721 (mitre, x_refsource_CONFIRM)