66 matches found
IBM Storage Protect Server SQL Injection Vulnerability
IBM Storage Protect Server is an enterprise-class data backup and recovery management system from International Business Machines (IBM). A SQL injection vulnerability exists in IBM Storage Protect Server version 8.2.0. The vulnerability stems from the application's lack of validation of externally...
CVE-2025-13855
IBM Storage Protect Server 8.2.0 IBM Storage Protect Plus Server is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify, or delete information in the back-end database...
CVE-2025-13855
IBM Storage Protect Server/IBM Storage Protect Plus Server (version 8.2.0) are affected by a SQL injection vulnerability (CVE-2025-13855) arising from lack of validation of externally supplied SQL statements. An attacker could remotely send crafted SQL to view, add, modify, or delete data in the ...
PT-2026-29412
Name of the Vulnerable Software and Affected Versions IBM Storage Protect Server and IBM Storage Protect Plus Server versions 8.2.0 Description IBM Storage Protect Server and IBM Storage Protect Plus Server are susceptible to SQL injection. A remote attacker could submit crafted SQL statements,...
IBM Storage Protect Server SQL Injection Vulnerability
IBM Storage Protect Server is an enterprise-class data backup and recovery management system from International Business Machines (IBM). A SQL injection vulnerability exists in IBM Storage Protect Server version 8.2.0. The vulnerability stems from the application's lack of validation of externally...
Security Bulletin: IBM Storage Protect Server is vulnerable to unauthenticated attacker with network access via multiple protocols and TLS due to IBM SDK, Java (CVE-2025-50106, CVE-2025-30749, CVE-2025-30761, CVE-2025-30754)
Summary IBM SDK, Java is vulnerable to an unauthenticated attacker with network access via multiple protocols and TLS. IBM Storage Protect Server uses IBM SDK, Java and may be affected by this vulnerability. Vulnerability Details CVEID:CVE-2025-50106 DESCRIPTION: Vulnerability in the Oracle Java SE,...
Security Bulletin: IBM Storage Protect Server is affected by a vulnerability in the logback-core library that could lead to denial-of-service under specific conditions (CVE-2025-11226).
Summary IBM Storage Protect Server uses the logback-core library in certain components; the library is vulnerable to improper handling of certain inputs that could lead to denial-of-service under specific conditions. Vulnerability Details CVEID:CVE-2025-11226 DESCRIPTION: ACE vulnerability in...
Security Bulletin: IBM Storage Protect Server is affected by a vulnerability in the Apache POI library that could lead to denial-of-service when processing specially crafted archive files (CVE-2019-12415).
Summary IBM Storage Protect Server uses the Apache POI library in certain components; this library is vulnerable to processing specially crafted archive files that may cause excessive memory allocation, potentially leading to a denial-of-service condition. Vulnerability Details CVEID:CVE-2019-124...
Security Bulletin: IBM Storage Protect Server is affected by a vulnerability in the Apache Commons IO library that could lead to denial-of-service when processing specially crafted input (CVE-2025-48924).
Summary IBM Storage Protect Server uses the Apache Commons IO library in certain components; Apache Commons IO is vulnerable to improper resource handling that may lead to denial-of-service conditions when processing specially crafted input. Vulnerability Details CVEID:CVE-2025-48924 DESCRIPTION:...
Security Bulletin: IBM Storage Protect Server is affected by vulnerabilities in the Eclipse Jetty web server library that could lead to denial-of-service due to issues in certificate and protocol handling (CVE-2024-6763, CVE-2024-8184).
Summary IBM Storage Protect Server uses the Eclipse Jetty web server library in certain components. Vulnerabilities related to certificate and protocol handling in the Jetty library may allow specially crafted requests to trigger denial-of-service conditions in applications using the affected...
Security Bulletin: IBM Storage Protect Server is affected by a vulnerability in the Eclipse Jetty web server library that could lead to request data corruption or leakage between sessions (CVE-2024-13009).
Summary IBM Storage Protect Server uses the Eclipse Jetty web server library in certain components. Jetty is vulnerable to improper handling of malformed gzip requests, which may lead to request data corruption or inadvertent leakage of request data between sessions under certain conditio...
Security Bulletin: IBM Storage Protect Server is susceptible to a vulnerability due to Golang crypto library
Summary Golang crypto library is used by the IBM Storage Protect Server Object Agent and OSSM component. Golang crypto is vulnerable to denial of service. This bulletin identifies the steps to address the vulnerabilities. CVE-2025-22869. Vulnerability Details CVEID:CVE-2025-22869 DESCRIPTION: SSH...
Security Bulletin: Multiple vulnerabilities in IBM Db2 may affect IBM Storage Protect Server.
Summary IBM Storage Protect Server, which uses IBM Db2, may be affected by multiple vulnerabilities that could result in denial of service or the loss of confidentiality, integrity. These vulnerabilities include CVE-2024-7254, CVE-2022-3510, CVE-2022-3509, CVE-2022-3171, CVE-2024-49350,...
Security Bulletin: IBM Storage Protect Server is susceptible to a vulnerability due to Golang CoreDNS library
Summary Golang CoreDNS library is used by the IBM Storage Protect Server OSSM component. Golang CoreDNS is vulnerable to denial of service. This bulletin identifies the steps to address the vulnerabilities. CVE-2025-58063. Vulnerability Details CVEID:CVE-2025-58063 DESCRIPTION: CoreDNS is a DNS...
Security Bulletin: IBM Storage Protect Server is vulnerable to improper access control and stack overflow due to IBM SDK, Java (CVE-2025-21587, CVE-2025-30698, CVE-2025-4447)
Summary IBM SDK, Java is vulnerable to improper access control and stack overflow. IBM Storage Protect Server uses IBM SDK, Java and may be affected by this vulnerability. Vulnerability Details CVEID:CVE-2025-21587 DESCRIPTION: An unspecified vulnerability in Java SE related to the Server: DDL...
Security Bulletin: IBM Storage Protect Server is vulnerable to authorization bypass attack due to built-in admin account (CVE-2025-3319)
Summary The IBM Storage Protect server contains a built-in admin account which is vulnerable to an authorization bypass attack by using a custom client. Vulnerability Details CVEID:CVE-2025-3319 DESCRIPTION: IBM Spectrum Protect Server could allow an attacker to bypass authentication due to improper...
Security Bulletin: Multiple vulnerabilities in IBM Db2 may affect IBM Storage Protect Server.
Summary IBM Storage Protect Server uses IBM Db2 and may be affected by multiple vulnerabilities which could lead to denial of service, remote code execution or loss of confidentiality, integrity or availability. CVE-2023-39976, CVE-2023-40373, CVE-2023-40372, CVE-2023-30987, CVE-2023-38719,...
Security Bulletin: Multiple vulnerabilities in IBM® SDK, Java™ Technology Edition affect IBM Storage Protect Server
Summary Multiple vulnerabilities exist in IBM® SDK Java™ Technology Edition, Version 8, which is used by IBM Storage Protect Server. CVE-2024-21235, CVE-2024-21217, CVE-2024-21210, CVE-2024-21208, CVE-2024-10917. Vulnerability Details CVEID:CVE-2024-21235 DESCRIPTION: Vulnerability in Java SE...
Security Bulletin: IBM Storage Protect Server is susceptible to vulnerabilities due to golang-JWT (CVE-2024-51744)
Summary Golang JWT is used by the IBM Storage Protect Server OSSM and Object Agent component. The vulnerabilities in the product component have been addressed. Vulnerability Details CVEID:CVE-2024-51744 DESCRIPTION: golang-jwt is a Go implementation of JSON Web Tokens. Unclear documentation of th...
Security Bulletin: IBM Storage Protect Server is susceptible to denial of service due to CoreDNS (CVE-2023-28452).
Summary The IBM Storage Protect Server is susceptible to denial of service caused by improper input validation linked to CoreDNS. Vulnerability Details CVEID:CVE-2023-28452 DESCRIPTION: CoreDNS is vulnerable to a denial of service, caused by improper input validation. By sending a specially...