CVE-2023-35897

IBM Spectrum Protect Client and IBM Storage Protect for Virtual Environments 8.1.0.0 through 8.1.19.0 could allow a local user to execute arbitrary code on the system using a specially crafted file, caused by a DLL hijacking flaw. IBM X-Force ID: 259246...

Security Bulletin: Vulnerability in IBM WebSphere Application Server Liberty may affect IBM Spectrum Protect Operations Center and Client Management Service (CVE-2022-34165)

Summary An HTTP header injection vulnerability in IBM WebSphere Application Server Liberty may affect IBM Spectrum Protect Operations Center and IBM Spectrum Protect Client Management Service. Vulnerability Details CVEID:CVE-2022-34165 DESCRIPTION: IBM WebSphere Application Server 7.0, 8.0, 8.5,...

Code injection

IBM Spectrum Protect Client 8.1.0.0 through 8.1.14.0 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 225886...

CVE-2022-22478

IBM Spectrum Protect Client 8.1.0.0 through 8.1.14.0 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 225886...

Security Bulletin: Vulnerabilities in IBM Java Runtime affect IBM Spectrum Protect Operations Center and Client Management Service (CVE-2021-35550, CVE-2021-35603)

Summary Vulnerabilities in IBM® Runtime Environment Java™ were disclosed as part of the IBM Java SDK updates in October 2021. IBM® Runtime Environment Java™, used by IBM Spectrum Protect Operations Center and Client Management Service, may be affected by the below vulnerabilities CVEs...

Security Bulletin: Information Disclosure and Denial of Service Vulnerabilities in IBM Spectrum Protect Backup-Archive Client (CVE-2022-22478, CVE-2022-22474)

Summary The IBM Spectrum Protect back-up archive client is vulnerable to information disclosure as user credentials are stored in memory in plain text. The back-up archive client is also vulnerable to a denial of service due to certain read operations on TCP/IP sockets. Vulnerability Details CVEI...

CVE-2022-22478

IBM Spectrum Protect Client 8.1.0.0 through 8.1.14.0 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 225886...

Security Bulletin: Vulnerabilities in IBM Java Runtime and IBM WebSphere Application Server Liberty affect IBM Operations Center and Client Management Service (CVE-2021-35578, CVE-2021-35517, CVE-2021-36090)

Summary A denial of service vulnerability in IBM® Runtime Environment Java, disclosed as part of the IBM Java SDK updates in October 2021, can affect IBM Spectrum Protect Operations Center and IBM Spectrum Protect Client Management Service. Denial of service vulnerabilities in Apache Commons...

Security Bulletin: Vulnerabilities in IBM Spectrum Protect Client may affect IBM Spectrum Protect Snapshot for Windows and IBM Spectrum Protect HSM for Windows

Summary The IBM Spectrum Protect Client is used as a component of IBM Spectrum Protect Snapshot for Windows and IBM Spectrum Protect HSM for Windows. Information about security vulnerabilities affecting the IBM Spectrum Protect Client have been published in security bulletins. Vulnerability Detai...

Security Bulletin: Security vulnerabilities have been identified in the IBM Spectrum Protect Client that affect multiple IBM Spectrum Protect products

Summary The IBM Spectrum Protect formerly Tivoli Storage Manager Client is used as a component of IBM Spectrum Protect Snapshot formerly Tivoli Storage FlashCopy Manager for Windows and IBM Spectrum Protect formerly Tivoli Storage Manager HSM for Windows. Information about security vulnerabilitie...

Security Bulletin: Vulnerability in Apache Log4j may affect IBM Spectrum Protect Snapshot on Windows (CVE-2021-44832)

Summary A vulnerability in Apache Log4j could result in remote code execution. IBM Spectrum Protect Snapshot on Windows includes the IBM Spectrum Protect Backup-Archive Cliient which installs the vulnerable Log4j files. Based on current information and analysis, Log4j is not used by IBM Spectrum...

PT-2021-22359 · Ibm · Ibm Spectrum Protect Client

Name of the Vulnerable Software and Affected Versions: IBM Spectrum Protect Client versions 7.1 through 8.1 Description: The issue is caused by improper bounds checking, leading to a stack-based buffer overflow. A local attacker could exploit this and cause a denial of service. Recommendations: F...

Security Bulletin: Genivia gSOAP vulnerabilities affect IBM Spectrum Protect for Virtual Environments:Data Protection for VMware and Spectrum Protect Client (CVE-2020-13575, CVE-2020-13578, CVE-2020-13574, CVE-2020-13577, CVE-2020-13576, CVE-2020-21783)

Summary Vulnerabilities in Genivia gSOAP, such as denial of service or execution of arbitrary code on the system, may affect IBM Spectrum Protect for Virtual Environments: Data Protection for VMware. UPDATED: 14 June 2021 - Added 7.1 fix for IBM Spectrum Protect for Virtual Enviornments:Data...

CVE-2021-29672

IBM Spectrum Protect Client 8.1.0.0-8 through 1.11.0 is vulnerable to a stack-based buffer overflow, caused by improper bounds checking when processing the current locale settings. A local attacker could overflow a buffer and execute arbitrary code on the system with elevated privileges or cause...

CVE-2021-20546

IBM Spectrum Protect Client 8.1.0.0 through 8.1.11.0 is vulnerable to a stack-based buffer overflow, caused by improper bounds checking. A local attacker could overflow a buffer and cause the application to crash. IBM X-Force ID: 198934...

CVE-2021-20532

IBM Spectrum Protect Client 8.1.0.0 through 8.1.11.0 could allow a local user to escalate their privileges to take full control of the system due to insecure directory permissions. IBM X-Force ID: 198811...

Stack overflow

IBM Spectrum Protect Client 8.1.0.0 through 8.1.11.0 is vulnerable to a stack-based buffer overflow, caused by improper bounds checking. A local attacker could overflow a buffer and cause the application to crash. IBM X-Force ID: 198934...

Stack overflow

IBM Spectrum Protect Client 8.1.0.0-8 through 1.11.0 is vulnerable to a stack-based buffer overflow, caused by improper bounds checking when processing the current locale settings. A local attacker could overflow a buffer and execute arbitrary code on the system with elevated privileges or cause...

CVE-2021-29672

IBM Spectrum Protect Client 8.1.0.0-8 through 1.11.0 is vulnerable to a stack-based buffer overflow, caused by improper bounds checking when processing the current locale settings. A local attacker could overflow a buffer and execute arbitrary code on the system with elevated privileges or cause...

CVE-2021-20546

IBM Spectrum Protect Client 8.1.0.0 through 8.1.11.0 is vulnerable to a stack-based buffer overflow, caused by improper bounds checking. A local attacker could overflow a buffer and cause the application to crash. IBM X-Force ID: 198934...