13 matches found
CVE-2022-38391
CVE-2022-38391 affects IBM Spectrum Control 5.4, where the vulnerability stems from the use of weaker-than-expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. Concrete details across sources confirm the affected product/version and the cryptogra...
CVE-2019-4138
IBM Spectrum Control (formerly Tivoli Storage Productivity Center) is affected by CVE-2019-4138. Versions 5.2.13–5.2.17.2 and 5.3.0–5.3.2 are vulnerable to information disclosure due to failure to properly enable HTTP Strict Transport Security, allowing a remote attacker to obtain sensitive infor...
CVE-2019-4137
IBM Spectrum Control (formerly Tivoli Storage Productivity Center) is affected by CVE-2019-4137. Versions 5.2.13–5.2.17.2 and 5.3.0–5.3.2 are vulnerable to cross-site scripting in the Web UI, allowing an attacker to embed arbitrary JavaScript and potentially disclose credentials within a trusted ...
CVE-2019-4071
IBM Security Bulletin for CVE-2019-4071 confirms a CSV injection/validation flaw in IBM Tivoli Storage Productivity Center (rebranded IBM Spectrum Control). Affected versions include IBM Tivoli Storage Productivity Center 5.2.0–5.2.7.1, IBM Spectrum Control 5.2.8–5.2.17.2, and IBM Spectrum Contro...
CVE-2019-4072
IBM CVE-2019-4072 affects IBM Tivoli Storage Productivity Center (now IBM Spectrum Control). Versions 5.2.1–5.2.17 allow a user to remain idle in the UI after logout, and, via the back button, stay logged in for a short period, exposing Spectrum Control information. Affected products/versions inc...
CVE-2016-5946
CVE-2016-5946 affects IBM Spectrum Control (formerly Tivoli Storage Productivity Center). A directory traversal vulnerability allows remote authenticated users to read arbitrary files via a URL containing ".." (dot dot). Affected versions are Spectrum Control 5.2.8 through 5.2.10.1 and Tivoli Sto...
CVE-2016-8943
CVE-2016-8943 is a cross-site scripting vulnerability in IBM Tivoli Storage Productivity Center, affecting IBM Spectrum Control formerly Tivoli Storage Productivity Center. The IBM Security bulletin details that the vulnerability allows an attacker to inject arbitrary JavaScript into the Web UI, ...
CVE-2016-5944
CVE-2016-5944 is an XSS in the Web UI of IBM Spectrum Control (formerly Tivoli Storage Productivity Center). Connected sources confirm the vulnerability in version 5.2.x prior to 5.2.11, where an authenticated user could inject arbitrary JavaScript/HTML via an embedded string. Affected versions i...
CVE-2016-5943
IBM Spectrum Control (formerly Tivoli Storage Productivity Center) 5.2.x before 5.2.11 contains an access-control flaw that lets an authenticated user bypass restrictions and read task details or edit properties. Affected are IBM Spectrum Control versions 5.2.8–5.2.10.1 and Tivoli Storage Product...
CVE-2016-8941
IBM Spectrum Control (formerly Tivoli Storage Productivity Center) is affected by CVE-2016-8941, a cross-site request forgery in the web UI that could allow an attacker to perform malicious, unauthorized actions on behalf of a trusted user. The IBM Security Bulletin confirms affected versions: Ti...
CVE-2016-8942
CVE-2016-8942 affects IBM Tivoli Storage Productivity Center (now IBM Spectrum Control after rename). An authenticated user with intimate knowledge of the system could edit a limited set of properties on the server. Affected products/versions: Tivoli Storage Productivity Center 5.2.0–5.2.7.1; IBM...
CVE-2016-5947
IBM Spectrum Control (formerly Tivoli Storage Productivity Center) 5.2.x before 5.2.11 is affected by a clickjacking vulnerability that can be exploited by a remote, authenticated user via a crafted web site. The issue affects IBM Spectrum Control / Tivoli Storage Productivity Center 5.2.8–5.2.10...
CVE-2016-5945
CVE-2016-5945 affects IBM Spectrum Control (formerly Tivoli Storage Productivity Center) versions 5.2.8–5.2.10.1 and Tivoli Storage Productivity Center 5.2.0–5.2.7.1. The vulnerability allows remote authenticated users to upload non-executable files by sending a crafted HTTP request. The IBM Secu...