EUVD-2018-12367

Malware in sbrugna...

Security Bulletin: IBM Spectrum Protect Server may not count invalid sign-on attempts from Operations Center (CVE-2022-22485)

Summary The IBM Spectrum Protect Server, in certain instances, may not increment the number of invalid sign-on attempts from Operations Center. This could allow an attacker to use brute force techniques to gain access to the IBM Spectrum Protect Server. Vulnerability Details CVEID:CVE-2022-22485...

Vulnerability fixed in IBM Spectrum Protect Server

IBM has fixed a vulnerability in IBM Spectrum Protect Server Versions 8.1 to 8.1.26. The vulnerability is located in IBM Spectrum Protect Server's authentication mechanisms. This flaw allows attackers to bypass authentication, allowing unauthorized users to access sensitive data. This could...

IBM Spectrum Protect Server 访问控制错误漏洞

IBM Spectrum Protect Server is a spectrum protection system from International Business Machines IBM, Inc. provides comprehensive data resiliency for physical file servers, virtual environments, and a wide range of applications. An access control error vulnerability exists in IBM Spectrum Protect...

Security Bulletin: Vulnerabilities in Logback may affect the IBM Spectrum Protect Server (CVE-2023-6378)

Summary The IBM Spectrum Protect Server may be affected by vulnerabilities in Logback such as denial of service caused by a serializaion flaw in the logback receiver component. Vulnerability Details CVEID:CVE-2023-6378 DESCRIPTION: QOS.ch Sarl Logback is vulnerable to a denial of service, caused ...

Security Bulletin: Vulnerabilities in Logback may affect the IBM Spectrum Protect Server (CVE-2023-6481)

Summary The IBM Spectrum Protect Server may be affected by vulnerabilities in Logback such as denial of service caused by a serializaion flaw in the logback receiver component. Vulnerability Details CVEID:CVE-2023-6481 DESCRIPTION: QOS.ch Sarl Logback is vulnerable to a denial of service, caused ...

Security Bulletin: Vulnerabilities in IBM Db2 may affect IBM Spectrum Protect Server (CVE-2023-29257, CVE-2023-29255, CVE-2023-27555, CVE-2023-26021, CVE-2023-25930, CVE-2023-26022, CVE-2023-27559)

Summary IBM Spectrum Protect Server may be affected by vulnerabilities in IBM Db2 such as denial of service and remote code execution. Vulnerability Details CVEID:CVE-2023-29257 DESCRIPTION: IBM Db2 for Linux, UNIX and Windows includes Db2 Connect Server 10.5, 11.1, and 11.5 is vulnerable to remo...

Security Bulletin: Vulnerabilities in IBM Db2, IBM Java Runtime, and Golang Go may affect IBM Spectrum Protect Server (CVE-2022-21626, CVE-2022-41717, CVE-2022-43929, CVE-2022-43927, CVE-2022-43930)

Summary IBM Spectrum Protect Server may be affected by vulnerabilities in Java SE, Golang Go and IBM Db2 such as denial of service or information disclosure, as described by the CVEs in the "Vulnerability Details" section. Vulnerability Details CVEID:CVE-2022-21626 DESCRIPTION: An unspecified...

Security Bulletin: Vulnerabilities in IBM Db2 may affect IBM Spectrum Protect Server (CVE-2022-22483, CVE-2022-35637)

Summary IBM Spectrum Protect Server may be affected by vulnerabilities in IBM Db2 such as denial of service and information disclosure. Vulnerability Details CVEID:CVE-2022-22483 DESCRIPTION: IBM Db2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, 11.1, and 11.5 is vulnerable to an information...

Security Bulletin: Vulnerabilities in zlib and Golang Go may affect the IBM Spectrum Protect Server (CVE-2018-25032, CVE-2022-27664)

Summary The IBM Spectrum Protect Server may be affected by denial of service vulnerabilities in zlib and Golang Go. Vulnerability Details CVEID:CVE-2022-27664 DESCRIPTION: Golang Go is vulnerable to a denial of service, caused by a flaw in net/http. By sending a specially-crafted request, a remot...

Security Bulletin: Vulnerabilities in IBM Db2, Golang Go, and Logback may affect the IBM Spectrum Protect Server (CVE-2022-30631, CVE-2022-30633, CVE-2022-1705, CVE-2022-22389, CVE-2022-22390, CVE-2021-42550, CVE-2022-30629)

Summary The IBM Spectrum Protect Server may be affected by vulnerabilities in IBM Db2, Golang Go, and Logback such as denial of service, HTTP request smuggling, obtaining sensitive information, and execution of arbitrary code. Vulnerability Details CVEID:CVE-2022-30631 DESCRIPTION: Golang Go is...

IBM Spectrum Protect Server 安全漏洞

IBM Spectrum Protect Server is a spectrum protection system from IBM USA. Provides total data resilience for physical file servers, virtual environments and a wide range of applications. A security vulnerability exists in IBM Spectrum Protect Server versions 8.1.0.000 through 8.1.14.000 that...

CVE-2022-22496

While a user account for the IBM Spectrum Protect Server 8.1.0.000 through 8.1.14 is being established, it may be configured to use SESSIONSECURITY=TRANSITIONAL. While in this mode, it may be susceptible to an offline dictionary attack. IBM X-Force ID: 226942...

CVE-2022-22496

While a user account for the IBM Spectrum Protect Server 8.1.0.000 through 8.1.14 is being established, it may be configured to use SESSIONSECURITY=TRANSITIONAL. While in this mode, it may be susceptible to an offline dictionary attack. IBM X-Force ID: 226942...

CVE-2022-22487

An IBM Spectrum Protect storage agent could allow a remote attacker to perform a brute force attack by allowing unlimited attempts to login to the storage agent without locking the administrative ID. A remote attacker could exploit this vulnerability using brute force techniques to gain...

Code injection

While a user account for the IBM Spectrum Protect Server 8.1.0.000 through 8.1.14 is being established, it may be configured to use SESSIONSECURITY=TRANSITIONAL. While in this mode, it may be susceptible to an offline dictionary attack. IBM X-Force ID: 226942...

CVE-2022-22496

While a user account for the IBM Spectrum Protect Server 8.1.0.000 through 8.1.14 is being established, it may be configured to use SESSIONSECURITY=TRANSITIONAL. While in this mode, it may be susceptible to an offline dictionary attack. IBM X-Force ID: 226942...

IBM Spectrum Protect Server 安全特征问题漏洞

IBM Spectrum Protect Server is a spectrum protection system from IBM USA, Inc. providing comprehensive data resiliency for physical file servers, virtual environments, and a wide range of applications.IBM Spectrum Protect Server versions 8.1.0.000 through 8.1.14 have a security feature issue...

Security Bulletin: Vulnerabilities in IBM Java Runtime affect IBM Spectrum Protect Server (CVE-2021-35550, CVE-2021-35603)

Summary Vulnerabilities in IBM® Runtime Environment Java™ were disclosed as part of the IBM Java SDK updates in October 2021. IBM® Runtime Environment Java™ is used by IBM Spectrum Protect Server and may be affected by the below vulnerabilities CVEs. Vulnerability Details CVEID: CVE-2021-35603...

CVE-2022-22496

While a user account for the IBM Spectrum Protect Server 8.1.0.000 through 8.1.14 is being established, it may be configured to use SESSIONSECURITY=TRANSITIONAL. While in this mode, it may be susceptible to an offline dictionary attack. IBM X-Force ID: 226942...