Unrestricted Connection Length Vulnerability in IBM Spectrum Protect Plus and IBM Spectrum Copy Data Management

Unrestricted Connection Length Vulnerability in IBM Spectrum Protect Plus and IBM Spectrum Copy Data Management

CVE-2022-22354 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

IBM Spectrum Protect Plus 10.1.0.0 through 10.1.9.2 and IBM Spectrum Copy Data Management 2.2.0.0 through 2.2.14.3 do not limit the length of a connection which could allow for a Slowloris HTTP denial of service attack to take place. This can cause the Admin Console to become unresponsive. IBM X-Force ID: 220485.

Learn more about our Web Application Penetration Testing UK.