48 matches found

CNVD
added 2026/04/10 12:0 a.m. | 7 views

IBM Storage Protect Server SQL Injection Vulnerability

IBM Storage Protect Server is an enterprise-class data backup and recovery management system from International Business Machines (IBM). A SQL injection vulnerability exists in IBM Storage Protect Server version 8.2.0. The vulnerability stems from the application's lack of validation of externally...

CVSS 8.8 | AI score 5.8 | EPSS 0.00253
Exploits: 0
NVD
added 2026/04/01 1:16 a.m. | 3 views

CVE-2025-13855

IBM Storage Protect Server 8.2.0 IBM Storage Protect Plus Server is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify, or delete information in the back-end database...

CVSS 8.8 | EPSS 0.00253
Exploits: 0 | References: 1
IBM Security Bulletins
added 2026/03/27 12:48 a.m. | 6 views

Security Bulletin: IBM Storage Protect Server is affected by vulnerabilities in the Eclipse Jetty web server library that could lead to denial-of-service due to issues in certificate and protocol handling (CVE-2024-6763, CVE-2024-8184).

Summary IBM Storage Protect Server uses the Eclipse Jetty web server library in certain components. Vulnerabilities related to certificate and protocol handling in the Jetty library may allow specially crafted requests to trigger denial-of-service conditions in applications using the affected...

CVSS 6.5 | AI score 6.8 | EPSS 0.01037
Exploits: 1 | Affected Software: 1
IBM Security Bulletins
added 2025/12/05 1:43 p.m. | 5 views

Security Bulletin: IBM Storage Protect Server is susceptible to a vulnerability due to Golang crypto library

Summary Golang crypto library is used by the IBM Storage Protect Server Object Agent and OSSM component. Golang crypto is vulnerable to Denial of Service. This bulletin identifies the steps to address the vulnerabilities. CVE-2025-22869. Vulnerability Details CVEID:CVE-2025-22869 DESCRIPTION: SSH...

CVSS 7.5 | AI score 6.5 | EPSS 0.00868
Exploits: 0 | Affected Software: 1
IBM Security Bulletins
added 2025/12/05 1:39 p.m. | 5 views

Security Bulletin: IBM Storage Protect Server is susceptible to a vulnerability due to Golang CoreDNS library

Summary Golang CoreDNS library is used by the IBM Storage Protect Server OSSM component. Golang CoreDNS is vulnerable to Denial of Service. This bulletin identifies the steps to address the vulnerabilities. CVE-2025-58063. Vulnerability Details CVEID:CVE-2025-58063 DESCRIPTION: CoreDNS is a DNS...

CVSS 7.1 | AI score 8.5 | EPSS 0.00407
Exploits: 0 | Affected Software: 1
IBM Security Bulletins
added 2025/12/05 8:2 a.m. | 7 views

Security Bulletin: IBM Storage Protect Server is vulnerable to improper access control and stack overflow due to IBM SDK, Java (CVE-2025-21587, CVE-2025-30698, CVE-2025-4447)

Summary IBM SDK, Java is vulnerable to improper access control and stack overflow. IBM Storage Protect Server uses IBM SDK, Java and may be affected by this vulnerability. Vulnerability Details CVEID:CVE-2025-21587 DESCRIPTION: An unspecified vulnerability in Java SE related to the Server: DDL...

CVSS 7.8 | AI score 6.3 | EPSS 0.00688
Exploits: 0 | Affected Software: 1
IBM Security Bulletins
added 2025/09/09 8:2 a.m. | 6 views

Security Bulletin: IBM Storage Protect Server is vulnerable to authorization bypass attack due to built-in admin account (CVE-2025-3319)

Summary The IBM Storage Protect server contains a built-in admin account which is vulnerable to an authorization bypass attack by using a custom client. Vulnerability Details CVEID:CVE-2025-3319 DESCRIPTION: IBM Spectrum Protect Server could allow an attacker to bypass authentication due to improper...

CVSS 9.8 | AI score 6.6 | EPSS 0.00322
Exploits: 0 | Affected Software: 1
IBM Security Bulletins
added 2025/06/25 4:42 p.m. | 40 views

Security Bulletin: Multiple vulnerabilities in IBM Db2 may affect IBM Storage Protect Server.

Summary IBM Storage Protect Server uses IBM Db2 and may be affected by multiple vulnerabilities which could lead to denial of service, remote code execution or loss of confidentiality, integrity or availability. CVE-2023-39976, CVE-2023-40373, CVE-2023-40372, CVE-2023-30987, CVE-2023-38719,...

CVSS 9.8 | AI score 9.7 | EPSS 0.02474
Exploits: 1 | Affected Software: 1
IBM Security Bulletins
added 2025/06/25 4:28 p.m. | 3 views

Security Bulletin: IBM Storage Protect Server is susceptible to vulnerabilities due to golang-JWT (CVE-2024-51744)

Summary Golang JWT is used by the IBM Storage Protect Server OSSM and Object Agent component. The vulnerabilities in the product component have been addressed. Vulnerability Details CVEID:CVE-2024-51744 DESCRIPTION: golang-jwt is a Go implementation of JSON Web Tokens. Unclear documentation of th...

CVSS 3.1 | AI score 6.4 | EPSS 0.00521
Exploits: 0 | Affected Software: 1
IBM Security Bulletins
added 2025/04/15 3:21 a.m. | 26 views

Security Bulletin: IBM Storage Protect Server is susceptible to denial of service due to CoreDNS (CVE-2023-28452).

Summary The IBM Storage Protect Server is susceptible to denial of service caused by improper input validation linked to CoreDNS. Vulnerability Details CVEID:CVE-2023-28452 DESCRIPTION: CoreDNS is vulnerable to a denial of service, caused by improper input validation. By sending a specially...

CVSS 7.5 | AI score 7.4 | EPSS 0.00613
Exploits: 0 | Affected Software: 1
IBM Security Bulletins
added 2025/04/09 6:10 a.m. | 11 views

Security Bulletin: IBM Storage Protect Server is vulnerable to authorization bypass attack due to Golang Go (CVE-2024-45337)

Summary Golang Go is used by the IBM Storage Protect Server OSSM component and is vulnerable to an authorization bypass attack due to a security issue in golang.org/x/crypto. Vulnerability Details CVEID:CVE-2024-45337 DESCRIPTION: Applications and libraries which misuse...

CVSS 9.1 | AI score 9.4 | EPSS 0.03092
Exploits: 2 | Affected Software: 1
IBM Security Bulletins
added 2025/04/01 3:38 a.m. | 13 views

Security Bulletin: IBM Storage Protect Server may be vulnerable to denial-of-service attack due to Golang Go (CVE-2024-45338)

Summary Golang Go is used by the IBM Storage Protect Server OSSM component and is vulnerable to a denial-of-service (DoS) attack due to inefficient regular expression complexity in golang.org/x/net. Vulnerability Details CVEID:CVE-2024-45338 DESCRIPTION: An attacker can craft an input to the Parse...

CVSS 5.3 | AI score 7 | EPSS 0.00856
Exploits: 0 | Affected Software: 1
IBM Security Bulletins
added 2025/04/01 3:37 a.m. | 13 views

Security Bulletin: IBM Storage Protect Server is susceptible to vulnerability in Golang Go (CVE-2024-34158, CVE-2024-34155, CVE-2024-34156).

Summary Golang Go is used by the IBM Storage Protect Server OSSM component and is affected by multiple vulnerabilities that could lead to a denial-of-service (DoS) attack on the host system. This bulletin provides the necessary steps to mitigate these vulnerabilities. Vulnerability Details...

CVSS 7.5 | AI score 7.2 | EPSS 0.01127
Exploits: 0 | Affected Software: 1
IBM Security Bulletins
added 2025/04/01 3:36 a.m. | 14 views

Security Bulletin: IBM Storage Protect Server is vulnerable due to Eclipse Jetty (CVE-2024-9823)

Summary IBM Storage Protect Server uses Eclipse Jetty and may be vulnerable to a denial-of-service attack due to issues with OutOfMemory errors related to DosFilter. Vulnerability Details CVEID:CVE-2024-9823 DESCRIPTION: There exists a security vulnerability in Jetty's DosFilter which can be...

CVSS 7.5 | AI score 7.1 | EPSS 0.00946
Exploits: 0 | Affected Software: 1
IBM Security Bulletins
added 2025/04/01 3:34 a.m. | 18 views

Security Bulletin: IBM Storage Protect Server is vulnerable due to Eclipse Jetty (CVE-2024-6763)

Summary IBM Storage Protect Server uses Eclipse Jetty and may be vulnerable to an open redirect attack due to issues with HttpURI parsing and validation checks. Vulnerability Details CVEID:CVE-2024-6763 DESCRIPTION: Eclipse Jetty is a lightweight, highly scalable, Java-based web server and Servle...

CVSS 5.3 | AI score 6.9 | EPSS 0.00986
Exploits: 1 | Affected Software: 1
IBM Security Bulletins
added 2025/04/01 3:33 a.m. | 11 views

Security Bulletin: Multiple vulnerabilities in IBM Db2 may affect IBM Storage Protect Server (CVE-2024-45663, CVE-2024-41762, CVE-2024-41761, CVE-2024-40679, CVE-2024-37071)

Summary IBM Storage Protect Server uses IBM Db2 and may be affected by multiple vulnerabilities which could lead to denial of service, loss of confidentiality, integrity or availability. CVE-2024-45663, CVE-2024-41762, CVE-2024-41761, CVE-2024-40679, CVE-2024-37071. This bulletin identifies the...

CVSS 7.5 | AI score 7.3 | EPSS 0.00696
Exploits: 0 | Affected Software: 1
IBM Security Bulletins
added 2025/02/04 7:34 p.m. | 37 views

Security Bulletin: Multiple vulnerabilities in IBM Db2 may affect IBM Storage Protect Server.

Summary IBM Storage Protect Server, which uses IBM Db2, may be affected by multiple vulnerabilities that could result in denial of service or the loss of confidentiality, integrity, or availability. These vulnerabilities include CVE-2023-45853, CVE-2023-29267, CVE-2024-25710, CVE-2024-26308,...

CVSS 9.8 | AI score 9.2 | EPSS 0.02918
Exploits: 2 | Affected Software: 1
IBM Security Bulletins
added 2025/02/04 7:33 p.m. | 18 views

Security Bulletin: IBM Storage Protect Server is susceptible to vulnerability in Golang Go (CVE-2023-45288).

Summary Golang Go is used by the IBM Storage Protect Server OSSM component. Golang Go is vulnerable to loss of availability of host system. This bulletin identifies the steps to address the vulnerability. Vulnerability Details CVEID:CVE-2023-45288 DESCRIPTION: An attacker may cause an HTTP/2...

CVSS 7.5 | AI score 8.1 | EPSS 0.91969
Exploits: 1 | Affected Software: 1
IBM Security Bulletins
added 2025/01/28 10:8 p.m. | 26 views

Security Bulletin: IBM Storage Protect Server is susceptible to multiple authentication related vulnerabilities due to coreDNS (CVE-2022-2837, CVE-2022-2835, CVE-2024-0874).

Summary The IBM Storage Protect Server is susceptible to authentication-related vulnerabilities linked to coreDNS. These vulnerabilities may allow an authenticated attacker to bypass security restrictions. Vulnerability Details CVEID:CVE-2022-2837 DESCRIPTION: coreDNS could allow a remote...

CVSS 6.1 | AI score 6.4 | EPSS 0.0076
Exploits: 0 | Affected Software: 1
IBM Security Bulletins
added 2024/10/29 9:50 a.m. | 32 views

Security Bulletin: IBM Storage Protect Server is susceptible to multiple vulnerabilities due to key-value store "etcd". (CVE-2018-1098, CVE-2018-1099, CVE-2022-34038, CVE-2021-2823).

Summary The distributed key-value store, etcd, used by IBM Storage Protect Server is vulnerable to cross-site scripting, denial of service, or unauthorized access to the host system. This bulletin outlines the steps to address these vulnerabilities. Vulnerability Details CVEID:CVE-2018-1098...

CVSS 9.8 | AI score 7.8 | EPSS 0.01605
Exploits: 2 | Affected Software: 1