3 matches found
Security Bulletin: Authentication Bypass, Arbitrary Directory Deletion, and Command Injection vulnerabilities in IBM Spectrum Protect Plus (CVE-2020-4208, CVE-2020-4214, CVE-2020-4206, CVE-2020-4241, CVE-2020-4242)
Summary IBM Spectrum Protect Plus is vulnerable to authentication bypass, arbitrary directory deletion, and command injection which allows a remote attacker to execute arbitrary code on the system. Vulnerability Details CVEID: CVE-2020-4208 DESCRIPTION: IBM Spectrum Protect Plus contains hard-cod...
CVE-2020-4208
IBM Spectrum Protect Plus 10.1.0 through 10.1.5 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 174975...
CVE-2020-4208
CVE-2020-4208 affects IBM Spectrum Protect Plus 10.1.0–10.1.5, where hard-coded credentials are used for inbound authentication, outbound communication, or internal data encryption. The root cause is hard-coded credentials in the product, leading to exposure of authentication and potential unauth...