Unrated severity · NVD Advisory · Published Jan 19, 2023 · Updated Apr 2, 2025

IBM Spectrum Virtualize information disclosure

CVE-2022-39167

Description

IBM Spectrum Virtualize 8.5, 8.4, 8.3, 8.2, and 7.8, under certain configurations, could disclose sensitive information to an attacker using man-in-the-middle techniques. IBM X-Force ID: 235408.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

The IP Quorum feature of IBM Spectrum Virtualize, under certain configurations, allows man-in-the-middle attacks that lead to disclosure of sensitive information.

Vulnerability

A vulnerability in the IP Quorum feature of IBM Spectrum Virtualize allows an attacker to perform man-in-the-middle (MITM) attacks, leading to disclosure of sensitive information. The issue affects versions 7.8, 8.2, 8.3, 8.4, and 8.5 under specific configurations [1].

Exploitation

An attacker with network access can intercept communications between the management GUI and clients. No authentication or user interaction is required, but the attack complexity is high due to the need for specific network conditions. The attacker must be positioned to perform MITM techniques [1].

Impact

Successful exploitation results in the disclosure of sensitive information, impacting confidentiality. There is no impact on integrity or availability. The CVSS base score is 5.9 (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N) [1].

Mitigation

IBM recommends upgrading to fixed code levels: 8.5.2.0, 8.5.0.6, 8.4.0.9, 8.3.1.9, 8.2.1.16, or 7.8.1.16. Additionally, administrators should request a new system certificate and redeploy the IP Quorum app if the feature is enabled [1].

AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

2
  • IBM/Spectrum Virtualize · llm-create · 2 versions
    7.8, 8.2, 8.3, 8.4, 8.5
    • (no CPE) range: 7.8, 8.2, 8.3, 8.4, 8.5
    • (no CPE) range: 8.5, 8.4, 8.3, 8.2, 7.8

Patches

0

No patches discovered yet.

References

2
