12 matches found
Security Bulletin: Static Credential Vulnerability in IBM Spectrum Protect Plus (CVE-2020-4854)
Summary IBM Spectrum Protect Plus contains hard-coded credentials which could allow a remote attacker to gain elevated privileges. UPDATED: 24 February 2021 - Remediation/Fixes section updated with additional vSnap requirements for upgrading to 10.1.7. UPDATED: 23 April 2021 - Added 10.1.8 fix...
CVE-2020-5020
IBM Spectrum Protect Plus 10.1.0 through 10.1.6 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further...
Information disclosure
IBM Spectrum Protect Plus 10.1.0 through 10.1.6 may allow unauthenticated and unauthorized access to VDAP proxy which can result in an attacker obtaining information they are not authorized to access. IBM X-Force ID: 193658...
IBM Spectrum Protect Plus 安全漏洞
IBM Spectrum Protect Plus is a data protection and availability solution for virtualized environments that can be deployed in minutes and protect your environment in less than an hour. A clickjacking vulnerability exists in IBM Spectrum Protect Plus 10.1.0 - 10.1.6. An attacker can exploit this...
Security Bulletin: Multiple vulnerabilities in IBM Spectrum Protect Plus (CVE-2020-5017, CVE-2020-5018, CVE-2020-5019, CVE-2020-5020, CVE-2020-5021, CVE-2020-5022)
Summary IBM Spectrum Protect Plus is vulnerable to exposure of sensitive data, clickjacking, HTTP header injection, failure to invalidate sessions, and unauthorized access to information. Vulnerability Details CVEID: CVE-2020-5018 DESCRIPTION: IBM Spectrum Protect Plus may include sensitive...
CVE-2020-5017
IBM Spectrum Protect Plus 10.1.0 through 10.1.6 may allow a local user to obtain access to information beyond their intended role and permissions. IBM X-Force ID: 193653...
IBM Spectrum Protect Plus 信任管理问题漏洞
IBM Spectrum Protect Plus is a data protection and availability solution for virtualized environments that can be deployed in minutes and protect your environment in less than an hour. A hard-coded credentials vulnerability exists in IBM Spectrum Protect Plus 10.1.0 - 10.1.6. An attacker can...
CVE-2020-4703
IBM Spectrum Protect Plus 10.1.0 through 10.1.6 Administrative Console could allow an authenticated attacker to upload arbitrary files which could be execute arbitrary code on the vulnerable server. This vulnerability is due to an incomplete fix for CVE-2020-4470. IBM X-Force ID: 187188...
Security Bulletin: Docker vulnerability affects IBM Spectrum Protect Plus (CVE-2020-13401)
Summary Docker is vulnerable to a man-in-the-middle attack which could affect IBM Spectrum Protect Plus. Vulnerability Details CVEID: CVE-2020-13401 DESCRIPTION: Docker Docker CE is vulnerable to a man-in-the-middle attack, caused by improper validation of router advertisements. By sending rogue...
Security Bulletin: Directory Traversal and Execution of Arbitrary Code vulnerabilities in IBM Spectrum Protect Plus (CVE-2020-4711, CVE-2020-4703)
Summary IBM Spectrum Protect Plus is vulnerable to directory traversal and execution of arbitrary code on the system. Vulnerability Details CVEID: CVE-2020-4711 DESCRIPTION: IBM Spectrum Protect Plus could allow a remote attacker to traverse directories on the system. An attacker could send a...
Security Bulletin: Vulnerability in Bash affects IBM Spectrum Protect Plus (CVE-2019-9924)
Summary A vulnerability in Bash could allow a remote attacker to executive arbitrary commands on the system which may affect IBM Spectrum Protect Plus. Vulnerability Details CVEID: CVE-2019-9924 DESCRIPTION: Bash could allow a remote authenticated attacker to execute arbitrary commands on the...
CVE-2020-4631
IBM Spectrum Protect Plus 10.1.0 through 10.1.6 agent files, in non-default configurations, on Windows are assigned access to everyone with full control permissions, which could allow a local user to cause interruption of the service operations. IBM X-Force ID: 185372...