Security Bulletin: Vulnerability in PyPI cryptography and Python may affect IBM Spectrum Protect Plus File Systems Agent (CVE-2023-23931, CVE-2023-0286, CVE-2023-24329)

Summary IBM Spectrum Protect Plus File Systems Agent can be affected by vulnerability in PyPI cryptography and Python. Vulnerabilities could allow a remote attacker to bypass security restrictions or do a denial of service attack, as described by the CVEs in the "Vulnerability Details" section...

Vulnerabilities fixed in IBM Spectrum Protect

IBM has fixed vulnerabilities in IBM Spectrum Protect and IBM Spectrum Protect Plus. The vulnerabilities allow a malicious able to launch attacks that result in the following categories of damage: Cross-Site Request Forgery XSRF. Denial-of-Service DoS. Manipulation of data Bypassing authenticatio...

CVE-2021-20536

IBM Spectrum Protect Plus File Systems Agent 10.1.6 and 10.1.7 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 198836...

CVE-2021-20536

IBM Spectrum Protect Plus File Systems Agent 10.1.6 and 10.1.7 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 198836...

CVE-2021-20536

The vulnerability CVE-2021-20536 affects IBM Spectrum Protect Plus File Systems Agent versions 10.1.6 and 10.1.7, where potentially sensitive information could be stored in and read from local log files. The root cause is an information disclosure in the logging of file-system backup/restore acti...

IBM Spectrum Protect Plus 日志信息泄露漏洞

IBM Spectrum Protect Plus is a suite of data protection platforms from IBM USA. The platform provides organizations with a single point of control and management and supports backup and recovery for virtual, physical and cloud environments of all sizes. An information disclosure vulnerability...

Security Bulletin: Vulnerability in Urllib3 affects IBM Spectrum Protect Container and Microsoft File Systems Agents (CVE-2020-26137)

Summary Urllib3 is vulnerable to CRLF injection which could allow a remote attacker to perform cross-site scripting, cache poisoning, or session hijacking attacks. This vulnerability may affect the IBM Spectrum Protect Plus Container agent for Kubernetes and the IBM Spectrum Protect Plus Microsof...

Security Bulletin: Vulnerability in PyYAML affects IBM Spectrum Protect Plus Container and Microsoft File Systems Agents (CVE-2020-1747)

Summary There is a vulnerability in PyYAML that could allow a remote attacker to execute arbitrary code on the system. This vulnerability may affect the IBM Spectrum Protect Plus Container agent for Kubernetes and the IBM Spectrum Protect Plus Microsoft® Windows File Systems agent. Vulnerability...

Security Bulletin: Vulnerability in Python affects IBM Spectrum Protect Plus Microsoft Windows File Systems agent (CVE-2020-15801)

Summary There is a vulnerability in Python that could allow a local attacker to execute arbitrary code on the system. This vulnerability may affect the IBM Spectrum Protect Plus Microsoft® Windows File Systems agent. Vulnerability Details CVEID: CVE-2020-15801 DESCRIPTION: Python could allow a...