CVE-2022-30611
Description
IBM Spectrum Copy Data Management 2.2.0.0 through 2.2.15.0 is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using some fields of the form in the portal UI to inject malicious script into a Web page which would be executed in a victim's Web browser within the security context of the hosting Web site, once the page is viewed. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. IBM X-Force ID: 227364.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
IBM Spectrum Copy Data Management 2.2.0.0 through 2.2.15.0 is vulnerable to stored cross-site scripting via form fields in the portal UI, allowing cookie theft.
Vulnerability
IBM Spectrum Copy Data Management versions 2.2.0.0 through 2.2.15.0 are vulnerable to stored cross-site scripting (XSS) due to improper validation of user-supplied input. The vulnerability exists in certain form fields within the portal user interface. An attacker can inject malicious script into a web page that will be executed in the context of the victim's browser when the page is viewed [1].
Exploitation
A remote attacker with network access to the affected portal UI can craft a malicious input in one of the vulnerable form fields. The attacker does not require authentication to inject the payload, though user interaction is required—the victim must view the page containing the injected script. The injected script is stored and executed when other users navigate to that page [1].
Impact
Successful exploitation allows the attacker to execute arbitrary JavaScript in the victim's browser within the security context of the Spectrum Copy Data Management web application. This can be used to steal the victim's cookie-based authentication credentials, leading to session hijacking and unauthorized access to the application [1].
Mitigation
IBM has released a fix as part of IBM Spectrum Copy Data Management version 2.2.16.0 or later. Users should upgrade to the latest version to mitigate this vulnerability. No workarounds are documented in the available reference [1].
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Range: 2.2.0.0 through 2.2.15.0
- IBM/Spectrum Copy Data Management, v5, Range: 2.2.0.0
Patches
No patches discovered yet.
References
- exchange.xforce.ibmcloud.com/vulnerabilities/227364 (mitre, vdb-entry, x_refsource_XF)
- www.ibm.com/support/pages/node/6593721 (mitre, x_refsource_CONFIRM)