Latest ibm spectrum protect plus Vulnerabilities

CVE-2023-47148
IBM Storage Protect Plus Server information disclosure
IBM Storage Protect Plus vSnap<=10.1
IBM Spectrum Protect Plus>=10.1.0<10.1.15.3
Linux Linux kernel
IBM-6847627
IBM Spectrum Protect Plus<=10.1.0-10.1.12
CVE-2020-4497
IBM Spectrum Protect Plus 10.1.0 through 10.1.12 discloses sensitive information due to unencrypted data being used in the communication flow between Spectrum Protect Plus vSnap and its agents. An att...
IBM Spectrum Protect Plus>=10.1.0<10.1.13
IBM Spectrum Protect Plus<=10.1.0-10.1.12
CVE-2022-40608
IBM Spectrum Protect Plus 10.1.6 through 10.1.11 Microsoft File Systems restore operation can download any file on the target machine by manipulating the URL with a directory traversal attack. This re...
IBM Spectrum Protect Plus>=10.1.6<=10.1.11
IBM Spectrum Protect Plus File Systems Agent<=10.1.6-10.1.11
IBM-6619947
IBM Spectrum Protect Plus<=10.1.0-10.1.11
CVE-2022-40234
Versions of IBM Spectrum Protect Plus prior to 10.1.12 (excluding 10.1.12) include the private key information for a certificate inside the generated .crt file when uploading a TLS certificate to IBM ...
IBM Spectrum Protect Plus<=10.1.0-10.1.11
IBM Spectrum Protect Plus<10.1.12
CVE-2022-22396
Credentials are printed in clear text in the IBM Spectrum Protect Plus 10.1.0.0 through 10.1.9.3 virgo log file in certain cases. Credentials could be the remote vSnap, offload targets, or VADP creden...
IBM Spectrum Protect Plus>=10.1.0<10.1.10
Linux Linux kernel
IBM Spectrum Protect Plus<=10.1.0.0-10.1.9.3
IBM-6591505
IBM Spectrum Protect Plus<=10.1.0.0-10.1.9.3
IBM-6562989
IBM Spectrum Protect Plus<=10.1.0.0-10.1.9.2
CVE-2022-22354
IBM Spectrum Protect Plus 10.1.0.0 through 10.1.9.2 and IBM Spectrum Copy Data Management 2.2.0.0 through 2.2.14.3 do not limit the length of a connection which could allow for a Slowloris HTTP denial...
IBM Spectrum Copy Data Management>=2.2.0.0<2.2.15
IBM Spectrum Protect Plus>=10.1.0<10.1.9.3
Linux Linux kernel
IBM Spectrum Protect Plus<=10.1.0.0-10.1.9.2
IBM-6525346
IBM Spectrum Protect Plus<=10.1.0.0-10.1.8.x
CVE-2021-39063
IBM Spectrum Protect Plus uses Cross-Origin Resource Sharing (CORS) which could allow an attacker to carry out privileged actions and retrieve sensitive information due to a misconfiguration in access...
IBM Spectrum Protect Plus<=10.1.0.0-10.1.8.x
IBM Spectrum Protect Plus>=10.1.0<10.1.9
Linux Linux kernel
CVE-2021-39057
IBM Spectrum Protect Plus is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network en...
IBM Spectrum Protect Plus<=10.1.0.0-10.1.8.x
IBM Spectrum Protect Plus>=10.1.0<10.1.9
Linux Linux kernel
CVE-2020-4496
The IBM Spectrum Protect Plus server connection to an IBM Spectrum Protect Plus workload agent is subject to a man-in-the-middle attack due to improper certificate validation.
IBM Spectrum Protect Plus<=10.1.0.0-10.1.8.x
IBM Spectrum Protect Plus>=10.1.0<=10.1.8.1
Linux Linux kernel
CVE-2021-23222
PostgreSQL is vulnerable to a man-in-the-middle attack, caused by improper validation of user-supplied input by libpq. A remote attacker could exploit this vulnerability to launch a man-in-the-middle ...
IBM Spectrum Protect Plus<=10.1.0.0-10.1.9.2
redhat/postgresql<9.6.24
redhat/postgresql<10.19
redhat/postgresql<11.14
redhat/postgresql<12.9
redhat/postgresql<13.5
and 7 more
CVE-2021-3669
A flaw was found in the Linux kernel. Measuring usage of the shared memory does not scale with large shared memory segment counts which could lead to resource exhaustion and DoS.
redhat/kernel-rt<0:4.18.0-372.9.1.rt7.166.el8
redhat/kernel<0:4.18.0-372.9.1.el8
Linux Linux kernel
IBM Spectrum Copy Data Management>=2.2.0.0<=2.2.15.0
IBM Spectrum Protect Plus>=10.1.0<=10.1.10.2
Linux Linux kernel
and 161 more
IBM-6466609
IBM Spectrum Protect Plus<=10.1.0-10.1.8
IBM-6445735
IBM Spectrum Protect Plus<=10.1.0-10.1.7
CVE-2021-20432
IBM Spectrum Protect Plus uses Cross-Origin Resource Sharing (CORS) which could allow an attacker to carry out privileged actions and retrieve sensitive information as the domain name is not being li...
IBM Spectrum Protect Plus<=10.1.0-10.1.7
IBM Spectrum Protect Plus>=10.1.0<=10.1.7
Linux Linux kernel
CVE-2021-29694
IBM Spectrum Protect Plus uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.
IBM Spectrum Protect Plus<=10.1.0-10.1.7
IBM Spectrum Protect Plus>=10.1.0<=10.1.7
Linux Linux kernel
IBM-6445733
IBM Spectrum Protect Plus<=10.1.0-10.1.7
IBM-6410888
IBM Spectrum Protect Plus<=10.1.0-10.1.7
IBM-6398754
IBM Spectrum Protect Plus<=10.1.0-10.1.6
CVE-2020-5017
IBM Spectrum Protect Plus may allow a local user to obtain access to information beyond their intended role and permissions.
IBM Spectrum Protect Plus<=10.1.0-10.1.6
IBM Spectrum Protect>=10.1.0<10.1.7
Linux Linux kernel
CVE-2020-5020
IBM Spectrum Protect Plus could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerab...
IBM Spectrum Protect Plus<=10.1.0-10.1.6
IBM Spectrum Protect Plus>=10.1.0<10.1.7
Linux Linux kernel
CVE-2020-5019
IBM Spectrum Protect Plus is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. By sending a specially crafted HTTP request, a remote attacker could explo...
IBM Spectrum Protect Plus<=10.1.0-10.1.6
IBM Spectrum Protect Plus>=10.1.0<10.1.7
Linux Linux kernel
CVE-2020-5021
IBM Spectrum Protect Plus does not invalidate session after a password reset which could allow a local user to impersonate another user on the system.
IBM Spectrum Protect Plus<=10.1.0-10.1.6
IBM Spectrum Protect Plus>=10.1.0<10.1.7
Linux Linux kernel
IBM-6368601
IBM Spectrum Protect Plus<=10.1.0-10.1.6
CVE-2020-4854
IBM Spectrum Protect Plus contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or ...
IBM Spectrum Protect Plus<=10.1.0-10.1.6
IBM Spectrum Protect Plus>=10.1.0<=10.1.6
Linux Linux kernel
IBM-6367823
IBM Spectrum Protect Plus<=10.1.0-10.1.6
CVE-2020-4783
IBM Spectrum Protect Plus could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnera...
IBM Spectrum Protect Plus<=10.1.0-10.1.6
IBM Spectrum Protect Plus>=10.1.0<=10.1.6
Linux Linux kernel
CVE-2020-4711
IBM Spectrum Protect Plus 10.1.0 through 10.1.6 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequenc...
IBM Spectrum Protect Plus>=10.1.0<=10.1.6
CVE-2020-4703
IBM Spectrum Protect Plus 10.1.0 through 10.1.6 Administrative Console could allow an authenticated attacker to upload arbitrary files which could be execute arbitrary code on the vulnerable server. T...
IBM Spectrum Protect Plus>=10.1.0<=10.1.6
IBM-6328867
IBM Spectrum Protect Plus<=10.1.0-10.1.6
CVE-2020-4631
IBM Spectrum Protect Plus 10.1.0 through 10.1.6 agent files, in non-default configurations, on Windows are assigned access to everyone with full control permissions, which could allow a local user to ...
IBM Spectrum Protect Plus>=10.1.0<=10.1.6
Microsoft Windows
IBM-6255116
IBM Spectrum Protect Plus<=10.1.0-10.1.6
IBM-6238920
IBM Spectrum Protect Plus<=10.1.0-10.1.5
CVE-2020-4471
IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow an unauthenticated attacker to cause a denial of service or hijack DNS sessions by send a specially crafted HTTP command to the remote serve...
IBM Spectrum Protect Plus>=10.1.0<=10.1.5
CVE-2020-4470
IBM Spectrum Protect Plus 10.1.0 through 10.1.5 Administrative Console could allow an authenticated attacker to upload arbitrary files which could be execute arbitrary code on the vulnerable server. I...
IBM Spectrum Protect Plus>=10.1.0<=10.1.5
CVE-2020-4469
IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow a remote attacker to execute arbitrary code on the system. By using a specially crafted HTTP command, an attacker could exploit this vulnera...
IBM Spectrum Protect Plus>=10.1.0<=10.1.5
IBM-6221332
IBM Spectrum Protect Plus<=10.1.0-10.1.5
CVE-2020-4477
IBM Spectrum Protect Plus>=10.1.0<=10.1.5
IBM Spectrum Protect Plus<=10.1.0-10.1.5
CVE-2020-4216
IBM Spectrum Protect Plus Hardcoded Username And Password Authentication Bypass Vulnerability
IBM Spectrum Protect Plus
IBM Spectrum Protect Plus<=10.1.0-10.1.5
IBM Spectrum Protect Plus>=10.1.0<=10.1.5
IBM-6221358
IBM Spectrum Protect Plus<=10.1.0-10.1.5
CVE-2020-4242
IBM Spectrum Scale and IBM Spectrum Protect Plus could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially crafted request, an attacker could expl...
IBM Spectrum Protect Plus<=10.1.0-10.1.5
IBM Spectrum Protect Plus>=10.1.0<=10.1.5
IBM Spectrum Scale>=10.1.0<=10.1.5
CVE-2020-4206
IBM Spectrum Protect Plus could allow a remote attacker to execute arbitrary commands on the system in the context of root user, caused by improper validation of user-supplied input.
IBM Spectrum Protect Plus<=10.1.0-10.1.5
IBM Spectrum Protect Plus>=10.1.0<=10.1.5
CVE-2020-4240
IBM Spectrum Protect Plus could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request to overwrite or create arbitrary files on the syst...
IBM Spectrum Protect Plus<=10.1.0-10.1.5
IBM Spectrum Protect Plus>=10.1.0<=10.1.5
CVE-2020-4214
IBM Spectrum Protect Plus could allow a remote attacker to arbitrary delete a directory caused by improper validation of user-supplied input.
IBM Spectrum Protect Plus<=10.1.0-10.1.5
IBM Spectrum Protect Plus>=10.1.0<=10.1.5
CVE-2020-4208
IBM Spectrum Protect Plus contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or ...
IBM Spectrum Protect Plus<=10.1.0-10.1.5
IBM Spectrum Protect Plus>=10.1.0<=10.1.5
IBM-6114130
IBM Spectrum Protect Plus<=10.1.0-10.1.5

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203