CVE-2021-39055

This CVE affects IBM Spectrum Copy Data Management (version 2.2.0.0 through 2.2.14.3). The root cause is an XSS vulnerability in the Web UI due to insufficient input validation/filtering, enabling an attacker to embed arbitrary JavaScript and potentially disclose credentials within a trusted sess...

CVE-2021-39051

IBM Spectrum Copy Data Management 2.2.0.0 through 2.2.14.3 is vulnerable to server-side request forgery, caused by improper input of application server registration function. A remote attacker could exploit this vulnerability using the host address and port fields of the application server...

CVE-2021-39051

CVE-2021-39051 affects IBM Spectrum Copy Data Management versions 2.2.0.0 through 2.2.14.3. The vulnerability is a server‑side request forgery (SSRF) caused by improper input handling in the application server registration function. A remote attacker can craft the host address and port fields in ...

IBM Spectrum Copy Data Management 注入漏洞

IBM Spectrum Copy Data Management is an IBM company that modernizes, streamlines and automates data center copy management processes. IBM Spectrum Copy Data Management has security vulnerabilities that can be exploited by attackers to conduct a variety of attacks on vulnerable systems, including...

IBM Spectrum Copy Data Management 跨站脚本漏洞

IBM Spectrum Copy Data Management is an implementation of International Business Machines Corporation IBM to modernize, simplify, and automate data center copy management processes.A cross-site scripting vulnerability exists in IBM Spectrum Copy Data Management versions 2.2.0.0 inclusive through...

IBM Spectrum Copy Data Management代码问题漏洞

IBM Spectrum Copy Data Management is an International Business Machines Corporation IBM implementation to modernize, simplify, and automate data center copy management processes. IBM Spectrum Copy Data Management has a security vulnerability that is caused by improperly entered application server...

Security Bulletin: IBM Spectrum Copy Data Management is vulnerable to Slowloris, HTTP header injection, XSS, and CSRF (CVE-2022-22354, CVE-2022-22344, CVE-2021-39055, CVE-2021-39051)

Summary IBM Spectrum Copy Data Management is vulnerable to Slowloris HTTP denial of service, HTTP header injection, cross-site scripting XSS, and server-side request forgery CSRF attacks. Vulnerability Details CVEID: CVE-2022-22354 DESCRIPTION: IBM Spectrum Protect Plus and IBM Spectrum Copy Data...

Security Bulletin: Vulnerabilities in Polkit, PostgreSQL, OpenSSL, OpenSSH, and jQuery affect IBM Spectrum Copy Data Management

Summary Vulnerabilities in Polkit, PostgreSQL, OpenSSL, OpenSSH, and jQuery can affect IBM Spectrum Copy Data Management. Vulnerabilities include elevated privileges, SQL injection, obtaining sensitive information, cross-site scripting, and man-in-the-middle attacks. Vulnerability Details CVEID:...

CVE-2022-22354

IBM Spectrum Protect Plus 10.1.0.0 through 10.1.9.2 and IBM Spectrum Copy Data Management 2.2.0.0 through 2.2.14.3 do not limit the length of a connection which could allow for a Slowloris HTTP denial of service attack to take place. This can cause the Admin Console to become unresponsive. IBM...

CVE-2022-22344

IBM Spectrum Copy Data Management 2.2.0.0 through 2.2.14.3 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or...

IBM Spectrum Protect Plus和IBM Spectrum Copy Data Management 安全漏洞

IBM Spectrum Protect Plus and IBM Spectrum Copy Data Management are both products of IBM Corporation, U.S.A. IBM Spectrum Protect Plus is a data protection platform. The platform provides enterprises with a single point of control and management and supports backup and recovery for virtual,...

Security Bulletin: Vulnerability in Apache Log4j may affect IBM Spectrum Copy Data Management (CVE-2021-44832)

Summary A vulnerability in Apache Log4j could result in remote code execution. This vulnerability may affect the Help system in IBM Spectrum Copy Data Management . The below fix package includes Apache Log4j 2.17.1. Vulnerability Details CVEID: CVE-2021-44832 DESCRIPTION: Apache Log4j could allow...

Security Bulletin: Vulnerability in Linux Kernel affects IBM Spectrum Copy Data Management (CVE-2021-29650)

Summary A denial of service vulnerability in the Linux Kernel may affect IBM Spectrum Copy Data Management Vulnerability Details CVEID: CVE-2021-29650 DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by the lack of a full memory barrier upon the assignment of a new table val...

Security Bulletin: Vulnerabilities in Apache Log4j affect IBM Spectrum Copy Data Management (CVE-2021-45105, CVE-2021-45046)

Summary Vulnerabilities in Apache Log4j could result in a denial of service or remote code execution. These vulnerabilities may affect the Help system in IBM Spectrum Copy Data Management . The below fix package includes Apache Log4j 2.17 Vulnerability Details CVEID: CVE-2021-45105 DESCRIPTION:...

Security Bulletin: Vulnerability in Apache Log4j affects IBM Spectrum Copy Data Management (CVE-2021-44228)

Summary A vulnerability in Apache Log4j could allow an attacker to execute arbitrary code on the system. This vulnerability may affect the Help system in IBM Spectrum Copy Data Management Vulnerability Details CVEID: CVE-2021-44228 DESCRIPTION: Apache Log4j could allow a remote attacker to execut...

IBM Spectrum Copy Data Management Unauthorized Access Vulnerability

IBM Spectrum Copy Data Management, an IBM company that modernizes, streamlines, and automates data center copy management processes, has a security vulnerability that could be exploited by an attacker to gain unauthorized access to the Spring Boot console...

IBM Spectrum Copy Data Management Input Validation Error Vulnerability

IBM Spectrum Copy Data Management, an IBM company that modernizes, streamlines and automates data center copy management processes, has a security vulnerability that stems from the fact that the Spectrum Copy Data Management management console login and upload credentials function incorrectly...

IBM Spectrum Copy Data Management Information Disclosure Vulnerability

IBM Spectrum Copy Data Management, an IBM company that modernizes, streamlines and automates data center copy management processes, has a security vulnerability that stems from improper handling of requests to the Spectrum Copy Data Management management console. An attacker could use the...

IBM Spectrum Copy Data Management Information Disclosure Vulnerability (CNVD-2022-05081)

IBM Spectrum Copy Data Management, an IBM company that modernizes, streamlines and automates data center copy management processes, has a security vulnerability that stems from the use of a weaker-than-expected encryption algorithm, which could be exploited by an attacker to The vulnerability ste...

IBM Spectrum Copy Data Management Information Disclosure Vulnerability (CNVD-2022-05080)

IBM Spectrum Copy Data Management, an IBM company that modernizes, streamlines and automates data center copy management processes, has a security vulnerability that stems from weak authentication and password rules and incorrectly handling of default credentials for the Spectrum Copy Data...