EUVD-2022-43882

Malicious code in bioql PyPI...

Security Bulletin: Directory traversal attack in IBM Spectrum Protect Plus Microsoft File Systems Backup and Restore (CVE-2022-40608)

Summary The IBM Spectrum Protect Plus Microsoft File Systems restore operation is vulnerable to a directory traversal attack which can result in gaining access to unauthorized files . Vulnerability Details CVEID:CVE-2022-40608 DESCRIPTION: IBM Spectrum Protect Plus Microsoft File Systems restore...

Security Bulletin: Vulnerabilities in Jinja, idna & cryptography can affect IBM Storage Protect Plus Microsoft File Systems Backup and Restore

Summary IBM Storage Protect Plus Microsoft File Systems Backup and Restore can be affected by vulnerabilities in Jinja, idna & cryptography which include cross-site scripting & a denial of service, as described by the CVEs in the "Vulnerability Details" section. These vulnerabilities have been...

Security Bulletin: Vulnerabilities in Flask and Pallets Werkzeug may affect IBM Spectrum Protect Plus Microsoft File Systems Backup and Restore (CVE-2023-30861, CVE-2023-25577, CVE-2023-23934)

Summary IBM Spectrum Protect Plus Microsoft File Systems Backup and Restore can be affected by vulnerabilities in Flask and Pallets Werkzeug include obtain sensitive information, denial of service attacks and bypass security restrictions, as described by the CVEs in the "Vulnerability Details"...

Security Bulletin: Vulnerabilities in Certifi, Setuptools and Python may affect IBM Spectrum Protect Plus Microsoft File Systems Backup and Restore (CVE-2022-23491, CVE-2022-40897, CVE-2022-45061)

Summary IBM Spectrum Protect Plus Microsoft File Systems Backup and Restore can be affected by vulnerabilities in Certifi, Setuptools and Python. Vulnerabilities include error with TurstCor's owenership of certificates and denial of service attacks, as described by the CVEs in the "Vulnerability...

Security Bulletin: Vulnerability in Python Cryptographic Authority cryptography affects IBM Spectrum Protect Plus Microsoft File Systems Backup and Restore

Summary IBM Spectrum Protect Plus Microsoft File Systems Backup and Restore may be affected by a Python Cryptographic Authority cryptography buffer overflow vulnerability has been addressed. Vulnerability Details IBM X-Force ID: 239927 DESCRIPTION: Python Cryptographic Authority cryptography is...

CVE-2022-40608

IBM Spectrum Protect Plus 10.1.6 through 10.1.11 Microsoft File Systems restore operation can download any file on the target machine by manipulating the URL with a directory traversal attack. This results in the restore operation gaining access to files which the operator should not have access...

Directory traversal

IBM Spectrum Protect Plus 10.1.6 through 10.1.11 Microsoft File Systems restore operation can download any file on the target machine by manipulating the URL with a directory traversal attack. This results in the restore operation gaining access to files which the operator should not have access...

CVE-2022-40608

IBM Spectrum Protect Plus 10.1.6 through 10.1.11 Microsoft File Systems restore operation can download any file on the target machine by manipulating the URL with a directory traversal attack. This results in the restore operation gaining access to files which the operator should not have access...

Security Bulletin: Vulnerability in Pallets Werkzeug may affect IBM Spectrum Protect Plus Microsoft File Systems Backup and Restore (CVE-2022-29361)

Summary HTTP request smuggling vulnerability in Pallets Werkzeug can affect IBM Spectrum Protect Plus Microsoft File Systems Backup and Restore. Vulnerability Details CVEID:CVE-2022-29361 DESCRIPTION: Pallets Werkzeug is vulnerable to HTTP request smuggling, caused by improper parsing of HTTP...

Security Bulletin: Vulnerability in Urllib3 affects IBM Spectrum Protect Plus Microsoft File Systems Backup and Restore (CVE-2021-33503)

Summary Denial of Service vulnerability in Urllib3 may affect IBM Spectrum Protect Plus Microsoft® File Systems backup and restore. Vulnerability Details CVEID: CVE-2021-33503 DESCRIPTION: urllib3 is vulnerable to a denial of service, caused by a regular expression denial of service ReDoS flaw du...

Security Bulletin: Vulnerabilities in Python, Tornado, and Urllib3 affect IBM Spectrum Protect Plus Microsoft File Systems Backup and Restore

Summary IBM Spectrum Protect Plus Microsoft® File Systems backup and restore may be affected by vulnerabilities in Python, Tornado. and Urllib3 such as server-side request forgery, HTTP response splitting, buffer overflow, and man-in-the-middle attacks. Vulnerability Details CVEID: CVE-2021-29921...

Security Bulletin: Information Disclosure in IBM Spectrum Protect Plus Microsoft File Systems backup and restore log files (CVE-2021-20536)

Summary IBM Spectrum Protect Plus Microsoft® File Systems backup and restore log files may contain sensitive information. Vulnerability Details CVEID: CVE-2021-20536 DESCRIPTION: IBM Spectrum Protect Plus File Systems Agent stores potentially sensitive information in log files that could be read ...