18 matches found
EUVD-2022-43882
Malicious code in bioql PyPI...
Security Bulletin: Directory traversal attack in IBM Spectrum Protect Plus Microsoft File Systems Backup and Restore (CVE-2022-40608)
Summary The IBM Spectrum Protect Plus Microsoft File Systems restore operation is vulnerable to a directory traversal attack which can result in gaining access to unauthorized files. Vulnerability Details CVEID: CVE-2022-40608 DESCRIPTION: IBM Spectrum Protect Plus Microsoft File Systems restore...
Security Bulletin: Vulnerabilities in Jinja, idna & cryptography can affect IBM Storage Protect Plus Microsoft File Systems Backup and Restore
Summary IBM Storage Protect Plus Microsoft File Systems Backup and Restore can be affected by vulnerabilities in Jinja, idna & cryptography which include cross-site scripting & a denial of service, as described by the CVEs in the "Vulnerability Details" section. These vulnerabilities have been...
Security Bulletin: Vulnerabilities in urllib3, Python and Tornado can affect IBM Storage Protect Plus Microsoft File Systems Backup and Restore [CVE-2023-43804,CVE-2023-40217,263690]
Summary IBM Storage Protect Plus Microsoft File Systems Backup and Restore can be affected by vulnerabilities in urllib3, Python and Tornado which include obtaining sensitive information, bypassing security restrictions, bypassing web application firewall protection, and conducting XSS attacks, as...
Security Bulletin: Vulnerabilities in Flask and Pallets Werkzeug may affect IBM Spectrum Protect Plus Microsoft File Systems Backup and Restore (CVE-2023-30861, CVE-2023-25577, CVE-2023-23934)
Summary IBM Spectrum Protect Plus Microsoft File Systems Backup and Restore can be affected by vulnerabilities in Flask and Pallets Werkzeug, which include obtaining sensitive information, denial of service attacks and bypassing security restrictions, as described by the CVEs in the "Vulnerability Details"...
Security Bulletin: Vulnerabilities in Certifi, Setuptools and Python may affect IBM Spectrum Protect Plus Microsoft File Systems Backup and Restore (CVE-2022-23491, CVE-2022-40897, CVE-2022-45061)
Summary IBM Spectrum Protect Plus Microsoft File Systems Backup and Restore can be affected by vulnerabilities in Certifi, Setuptools and Python. Vulnerabilities include an error with TrustCor's ownership of certificates and denial of service attacks, as described by the CVEs in the "Vulnerability...
Security Bulletin: Vulnerability in Python Cryptographic Authority cryptography affects IBM Spectrum Protect Plus Microsoft File Systems Backup and Restore
Summary IBM Spectrum Protect Plus Microsoft File Systems Backup and Restore may be affected by a Python Cryptographic Authority cryptography buffer overflow vulnerability that has been addressed. Vulnerability Details IBM X-Force ID: 239927 DESCRIPTION: Python Cryptographic Authority cryptography is...
The vulnerability of the backup and recovery functions of Microsoft File Systems for the IBM Spectrum Protect Plus data protection software allows a perpetrator to disclose protected information.
The vulnerability of the backup and recovery functions of Microsoft’s file systems in the IBM Spectrum Protect Plus data protection platform is related to an incorrect limitation on the path name to the restricted-access directory. Exploiting this vulnerability could allow a malicious actor to...
CVE-2022-40608
IBM Spectrum Protect Plus 10.1.6 through 10.1.11 Microsoft File Systems restore operation can download any file on the target machine by manipulating the URL with a directory traversal attack. This results in the restore operation gaining access to files which the operator should not have access...
Directory traversal
IBM Spectrum Protect Plus 10.1.6 through 10.1.11 Microsoft File Systems restore operation can download any file on the target machine by manipulating the URL with a directory traversal attack. This results in the restore operation gaining access to files which the operator should not have access...
CVE-2022-40608
IBM Spectrum Protect Plus 10.1.6 through 10.1.11 Microsoft File Systems restore operation can download any file on the target machine by manipulating the URL with a directory traversal attack. This results in the restore operation gaining access to files which the operator should not have access...
Security Bulletin: Vulnerability in Pallets Werkzeug may affect IBM Spectrum Protect Plus Microsoft File Systems Backup and Restore (CVE-2022-29361)
Summary HTTP request smuggling vulnerability in Pallets Werkzeug can affect IBM Spectrum Protect Plus Microsoft File Systems Backup and Restore. Vulnerability Details CVEID: CVE-2022-29361 DESCRIPTION: Pallets Werkzeug is vulnerable to HTTP request smuggling, caused by improper parsing of HTTP...
Security Bulletin: Vulnerability in Urllib3 affects IBM Spectrum Protect Plus Microsoft File Systems Backup and Restore (CVE-2021-33503)
Summary Denial of Service vulnerability in Urllib3 may affect IBM Spectrum Protect Plus Microsoft® File Systems backup and restore. Vulnerability Details CVEID: CVE-2021-33503 DESCRIPTION: urllib3 is vulnerable to a denial of service, caused by a regular expression denial of service ReDoS flaw du...
Security Bulletin: Vulnerabilities in Python, Tornado, and Urllib3 affect IBM Spectrum Protect Plus Microsoft File Systems Backup and Restore
Summary IBM Spectrum Protect Plus Microsoft® File Systems backup and restore may be affected by vulnerabilities in Python, Tornado, and Urllib3 such as server-side request forgery, HTTP response splitting, buffer overflow, and man-in-the-middle attacks. Vulnerability Details CVEID: CVE-2021-29921...
Security Bulletin: Information Disclosure in IBM Spectrum Protect Plus Microsoft File Systems backup and restore log files (CVE-2021-20536)
Summary IBM Spectrum Protect Plus Microsoft® File Systems backup and restore log files may contain sensitive information. Vulnerability Details CVEID: CVE-2021-20536 DESCRIPTION: IBM Spectrum Protect Plus File Systems Agent stores potentially sensitive information in log files that could be read ...
Security Bulletin: Vulnerability in Python affects IBM Spectrum Protect Plus Microsoft File Systems backup and restore (CVE-2020-25659)
Summary Vulnerability in python-cryptography may affect IBM Spectrum Protect Plus Microsoft® File Systems backup and restore. Vulnerability Details CVEID: CVE-2020-25659 DESCRIPTION: python-cryptography could allow a remote attacker to obtain sensitive information, caused by a Bleichenbacher timi...
Security Bulletin: Vulnerability in Urllib3 affects IBM Spectrum Protect Container and Microsoft File Systems Agents (CVE-2020-26137)
Summary Urllib3 is vulnerable to CRLF injection which could allow a remote attacker to perform cross-site scripting, cache poisoning, or session hijacking attacks. This vulnerability may affect the IBM Spectrum Protect Plus Container agent for Kubernetes and the IBM Spectrum Protect Plus Microsof...
Security Bulletin: Vulnerability in PyYAML affects IBM Spectrum Protect Plus Container and Microsoft File Systems Agents (CVE-2020-1747)
Summary There is a vulnerability in PyYAML that could allow a remote attacker to execute arbitrary code on the system. This vulnerability may affect the IBM Spectrum Protect Plus Container agent for Kubernetes and the IBM Spectrum Protect Plus Microsoft® Windows File Systems agent. Vulnerability...