Lucene search
K

12 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2021/04/24 12:15 a.m.15 views

Security Bulletin: Static Credential Vulnerability in IBM Spectrum Protect Plus (CVE-2020-4854)

Summary IBM Spectrum Protect Plus contains hard-coded credentials which could allow a remote attacker to gain elevated privileges. UPDATED: 24 February 2021 - Remediation/Fixes section updated with additional vSnap requirements for upgrading to 10.1.7. UPDATED: 23 April 2021 - Added 10.1.8 fix...

9.8CVSS0.2AI score0.02401EPSS
Exploits1Affected Software1
OSV
OSV
added 2021/01/08 7:15 p.m.8 views

CVE-2020-5020

IBM Spectrum Protect Plus 10.1.0 through 10.1.6 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further...

6.1CVSS6.5AI score0.00886EPSS
Exploits0References2
Prion
Prion
added 2021/01/08 7:15 p.m.18 views

Information disclosure

IBM Spectrum Protect Plus 10.1.0 through 10.1.6 may allow unauthenticated and unauthorized access to VDAP proxy which can result in an attacker obtaining information they are not authorized to access. IBM X-Force ID: 193658...

5CVSS5AI score0.00999EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2021/01/08 12:0 a.m.8 views

IBM Spectrum Protect Plus 安全漏洞

IBM Spectrum Protect Plus is a data protection and availability solution for virtualized environments that can be deployed in minutes and protect your environment in less than an hour. A clickjacking vulnerability exists in IBM Spectrum Protect Plus 10.1.0 - 10.1.6. An attacker can exploit this...

6.1CVSS6.5AI score0.00886EPSS
Exploits0References4
IBM Security Bulletins
IBM Security Bulletins
added 2021/01/07 10:47 p.m.28 views

Security Bulletin: Multiple vulnerabilities in IBM Spectrum Protect Plus (CVE-2020-5017, CVE-2020-5018, CVE-2020-5019, CVE-2020-5020, CVE-2020-5021, CVE-2020-5022)

Summary IBM Spectrum Protect Plus is vulnerable to exposure of sensitive data, clickjacking, HTTP header injection, failure to invalidate sessions, and unauthorized access to information. Vulnerability Details CVEID: CVE-2020-5018 DESCRIPTION: IBM Spectrum Protect Plus may include sensitive...

7.5CVSS0.7AI score0.01322EPSS
Exploits0Affected Software1
ATTACKERKB
ATTACKERKB
added 2021/01/07 12:0 a.m.5 views

CVE-2020-5017

IBM Spectrum Protect Plus 10.1.0 through 10.1.6 may allow a local user to obtain access to information beyond their intended role and permissions. IBM X-Force ID: 193653...

5.5CVSS4.8AI score0.00283EPSS
Exploits0References3Affected Software1
CNNVD
CNNVD
added 2020/11/20 12:0 a.m.9 views

IBM Spectrum Protect Plus 信任管理问题漏洞

IBM Spectrum Protect Plus is a data protection and availability solution for virtualized environments that can be deployed in minutes and protect your environment in less than an hour. A hard-coded credentials vulnerability exists in IBM Spectrum Protect Plus 10.1.0 - 10.1.6. An attacker can...

9.8CVSS7.3AI score0.02401EPSS
Exploits1References8
OSV
OSV
added 2020/09/15 2:15 p.m.4 views

CVE-2020-4703

IBM Spectrum Protect Plus 10.1.0 through 10.1.6 Administrative Console could allow an authenticated attacker to upload arbitrary files which could be execute arbitrary code on the vulnerable server. This vulnerability is due to an incomplete fix for CVE-2020-4470. IBM X-Force ID: 187188...

8CVSS6.1AI score0.01765EPSS
Exploits0References2
IBM Security Bulletins
IBM Security Bulletins
added 2020/09/14 7:45 p.m.41 views

Security Bulletin: Docker vulnerability affects IBM Spectrum Protect Plus (CVE-2020-13401)

Summary Docker is vulnerable to a man-in-the-middle attack which could affect IBM Spectrum Protect Plus. Vulnerability Details CVEID: CVE-2020-13401 DESCRIPTION: Docker Docker CE is vulnerable to a man-in-the-middle attack, caused by improper validation of router advertisements. By sending rogue...

6CVSS1.5AI score0.02839EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/09/14 7:37 p.m.30 views

Security Bulletin: Directory Traversal and Execution of Arbitrary Code vulnerabilities in IBM Spectrum Protect Plus (CVE-2020-4711, CVE-2020-4703)

Summary IBM Spectrum Protect Plus is vulnerable to directory traversal and execution of arbitrary code on the system. Vulnerability Details CVEID: CVE-2020-4711 DESCRIPTION: IBM Spectrum Protect Plus could allow a remote attacker to traverse directories on the system. An attacker could send a...

8CVSS2.5AI score0.02606EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/08/31 7:29 p.m.36 views

Security Bulletin: Vulnerability in Bash affects IBM Spectrum Protect Plus (CVE-2019-9924)

Summary A vulnerability in Bash could allow a remote attacker to executive arbitrary commands on the system which may affect IBM Spectrum Protect Plus. Vulnerability Details CVEID: CVE-2019-9924 DESCRIPTION: Bash could allow a remote authenticated attacker to execute arbitrary commands on the...

7.8CVSS3AI score0.00415EPSS
Exploits0Affected Software1
Cvelist
Cvelist
added 2020/08/04 4:0 p.m.21 views

CVE-2020-4631

IBM Spectrum Protect Plus 10.1.0 through 10.1.6 agent files, in non-default configurations, on Windows are assigned access to everyone with full control permissions, which could allow a local user to cause interruption of the service operations. IBM X-Force ID: 185372...

5.1CVSS5.2AI score0.00245EPSS
Exploits0References2
Rows per page
Query Builder