Filtered by vendor Ibm
Subscriptions
Filtered by product Spectrum Protect Plus
Subscriptions
Total
44 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-4206 | 1 Ibm | 1 Spectrum Protect Plus | 2024-09-16 | 8.8 High |
| IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow a remote attacker to execute arbitrary commands on the system in the context of root user, caused by improper validation of user-supplied input. IBM X-Force ID: 174966. | ||||
| CVE-2019-4652 | 2 Ibm, Linux | 2 Spectrum Protect Plus, Linux Kernel | 2024-09-16 | 7.1 High |
| IBM Spectrum Protect Plus 10.1.0 through 10.1.4 uses insecure file permissions on restored files and directories in Windows which could allow a local user to obtain sensitive information or perform unauthorized actions. IBM X-Force ID: 170963. | ||||
| CVE-2019-4385 | 1 Ibm | 1 Spectrum Protect Plus | 2024-09-16 | 6.5 Medium |
| IBM Spectrum Protect Plus 10.1.2 may display the vSnap CIFS password in the IBM Spectrum Protect Plus Joblog. This can result in an attacker gaining access to sensitive information as well as vSnap. IBM X-Force ID: 162173. | ||||
| CVE-2019-4703 | 1 Ibm | 1 Spectrum Protect Plus | 2024-09-16 | 5.3 Medium |
| IBM Spectrum Protect Plus 10.1.0 and 10.5.0, when protecting Microsoft SQL or Microsoft Exchange, could allow an attacker with intimate knowledge of the system to obtain highly sensitive information. | ||||
| CVE-2020-4241 | 1 Ibm | 2 Spectrum Protect Plus, Spectrum Scale | 2024-09-16 | 8.8 High |
| IBM Spectrum Scale and IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system. IBM X-Force ID: 175418. | ||||
| CVE-2020-4240 | 1 Ibm | 1 Spectrum Protect Plus | 2024-09-16 | 6.5 Medium |
| IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request to overwrite or create arbitrary files on the system. IBM X-Force ID: 175417. | ||||
| CVE-2020-4469 | 1 Ibm | 1 Spectrum Protect Plus | 2024-09-16 | 9.8 Critical |
| IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow a remote attacker to execute arbitrary code on the system. By using a specially crafted HTTP command, an attacker could exploit this vulnerability to execute arbitrary command on the system. This vulnerability is due to an incomplete fix for CVE-2020-4211. IBM X-Force ID: 181724. | ||||
| CVE-2021-20536 | 2 Ibm, Microsoft | 2 Spectrum Protect Plus, Windows | 2024-09-16 | 6.2 Medium |
| IBM Spectrum Protect Plus File Systems Agent 10.1.6 and 10.1.7 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 198836. | ||||
| CVE-2020-4209 | 2 Ibm, Linux | 2 Spectrum Protect Plus, Linux Kernel | 2024-09-16 | 5.4 Medium |
| IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to create arbitrary files on the system. IBM X-Force ID: 175019. | ||||
| CVE-2018-1768 | 1 Ibm | 1 Spectrum Protect Plus | 2024-09-16 | N/A |
| IBM Spectrum Protect Plus 10.1.0 and 10.1.1 could disclose sensitive information when an authorized user executes a test operation, the user id an password may be displayed in plain text within an instrumentation log file. IBM X-Force ID: 148622. | ||||
| CVE-2019-4383 | 1 Ibm | 1 Spectrum Protect Plus | 2024-09-16 | 6.7 Medium |
| When using IBM Spectrum Protect Plus 10.1.0, 10.1.2, and 10.1.3 to protect Oracle or MongoDB databases, a redirected restore operation may result in an escalation of user privileges. IBM X-Force ID: 162165. | ||||
| CVE-2020-5021 | 2 Ibm, Linux | 2 Spectrum Protect Plus, Linux Kernel | 2024-09-16 | 4.4 Medium |
| IBM Spectrum Protect Plus 10.1.0 through 10.1.6 does not invalidate session after a password reset which could allow a local user to impersonate another user on the system. IBM X-Force ID: 193657. | ||||
| CVE-2020-4477 | 1 Ibm | 1 Spectrum Protect Plus | 2024-09-16 | 6.5 Medium |
| IBM Spectrum Protect Plus 10.1.0 through 10.1.5 discloses highly sensitive information in plain text in the virgo log file which could be used in further attacks against the system. IBM X-Force ID: 181779. | ||||
| CVE-2021-39057 | 2 Ibm, Linux | 2 Spectrum Protect Plus, Linux Kernel | 2024-09-16 | 8.1 High |
| IBM Spectrum Protect Plus 10.1.0.0 through 10.1.8.x is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 214616. | ||||
| CVE-2020-4214 | 1 Ibm | 1 Spectrum Protect Plus | 2024-09-16 | 7.5 High |
| IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow a remote attacker to arbitrary delete a directory caused by improper validation of user-supplied input. IBM X-Force ID: 175026. | ||||
| CVE-2020-4703 | 1 Ibm | 1 Spectrum Protect Plus | 2024-09-16 | 8.0 High |
| IBM Spectrum Protect Plus 10.1.0 through 10.1.6 Administrative Console could allow an authenticated attacker to upload arbitrary files which could be execute arbitrary code on the vulnerable server. This vulnerability is due to an incomplete fix for CVE-2020-4470. IBM X-Force ID: 187188. | ||||
| CVE-2020-4496 | 2 Ibm, Linux | 2 Spectrum Protect Plus, Linux Kernel | 2024-09-16 | 5.9 Medium |
| The IBM Spectrum Protect Plus 10.1.0.0 through 10.1.8.x server connection to an IBM Spectrum Protect Plus workload agent is subject to a man-in-the-middle attack due to improper certificate validation. IBM X-Force ID: 182046. | ||||
| CVE-2020-5023 | 1 Ibm | 1 Spectrum Protect Plus | 2024-09-16 | 7.5 High |
| IBM Spectrum Protect Plus 10.1.0 through 10.1.7 could allow a remote user to inject arbitrary data iwhich could cause the serivce to crash due to excess resource consumption. IBM X-Force ID: 193659. | ||||
| CVE-2021-20432 | 2 Ibm, Linux | 2 Spectrum Protect Plus, Linux Kernel | 2024-09-16 | 6.5 Medium |
| IBM Spectrum Protect Plus 10.1.0 through 10.1.7 uses Cross-Origin Resource Sharing (CORS) which could allow an attacker to carry out privileged actions and retrieve sensitive information as the domain name is not being limited to only trusted domains. IBM X-Force ID: 196344. | ||||
| CVE-2022-22396 | 2 Ibm, Linux | 2 Spectrum Protect Plus, Linux Kernel | 2024-09-16 | 7.5 High |
| Credentials are printed in clear text in the IBM Spectrum Protect Plus 10.1.0.0 through 10.1.9.3 virgo log file in certain cases. Credentials could be the remote vSnap, offload targets, or VADP credentials depending on the operation performed. Credentials that are using API key or certificate are not printed. IBM X-Force ID: 222231. | ||||