Lucene search
+L
IbmSpectrum Control

13 matches found

CVE
CVE
added 2022/12/20 8:31 p.m.70 views

CVE-2022-38391

CVE-2022-38391 affects IBM Spectrum Control 5.4, where the vulnerability stems from the use of weaker-than-expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. Concrete details across sources confirm the affected product/version and the cryptogra...

7.5CVSS6AI score0.00275EPSS
CVE
CVE
added 2019/05/29 3:10 p.m.66 views

CVE-2019-4138

IBM Spectrum Control (formerly Tivoli Storage Productivity Center) is affected by CVE-2019-4138. Versions 5.2.13–5.2.17.2 and 5.3.0–5.3.2 are vulnerable to information disclosure due to failure to properly enable HTTP Strict Transport Security, allowing a remote attacker to obtain sensitive infor...

5.9CVSS5.5AI score0.02094EPSS
CVE
CVE
added 2019/05/29 3:10 p.m.60 views

CVE-2019-4137

IBM Spectrum Control (formerly Tivoli Storage Productivity Center) is affected by CVE-2019-4137. Versions 5.2.13–5.2.17.2 and 5.3.0–5.3.2 are vulnerable to cross-site scripting in the Web UI, allowing an attacker to embed arbitrary JavaScript and potentially disclose credentials within a trusted ...

6.1CVSS5.8AI score0.01283EPSS
CVE
CVE
added 2019/05/09 3:10 p.m.58 views

CVE-2019-4071

IBM Security Bulletin for CVE-2019-4071 confirms a CSV injection/validation flaw in IBM Tivoli Storage Productivity Center (rebranded IBM Spectrum Control). Affected versions include IBM Tivoli Storage Productivity Center 5.2.0–5.2.7.1, IBM Spectrum Control 5.2.8–5.2.17.2, and IBM Spectrum Contro...

9.3CVSS8.7AI score0.04302EPSS
CVE
CVE
added 2019/05/09 3:10 p.m.54 views

CVE-2019-4072

IBM CVE-2019-4072 affects IBM Tivoli Storage Productivity Center (now IBM Spectrum Control). Versions 5.2.1–5.2.17 allow a user to remain idle in the UI after logout, and, via the back button, stay logged in for a short period, exposing Spectrum Control information. Affected products/versions inc...

6.5CVSS5.9AI score0.00812EPSS
CVE
CVE
added 2016/09/26 1:0 a.m.49 views

CVE-2016-5946

CVE-2016-5946 affects IBM Spectrum Control (formerly Tivoli Storage Productivity Center). A directory traversal vulnerability allows remote authenticated users to read arbitrary files via a URL containing ".." (dot dot). Affected versions are Spectrum Control 5.2.8 through 5.2.10.1 and Tivoli Sto...

6.5CVSS5.9AI score0.01633EPSS
CVE
CVE
added 2017/02/01 8:0 p.m.48 views

CVE-2016-8943

CVE-2016-8943 is a cross-site scripting vulnerability in IBM Tivoli Storage Productivity Center, affecting IBM Spectrum Control formerly Tivoli Storage Productivity Center. The IBM Security bulletin details that the vulnerability allows an attacker to inject arbitrary JavaScript into the Web UI, ...

5.4CVSS5.6AI score0.00538EPSS
CVE
CVE
added 2016/09/26 1:0 a.m.47 views

CVE-2016-5944

CVE-2016-5944 is an XSS in the Web UI of IBM Spectrum Control (formerly Tivoli Storage Productivity Center). Connected sources confirm the vulnerability in version 5.2.x prior to 5.2.11, where an authenticated user could inject arbitrary JavaScript/HTML via an embedded string. Affected versions i...

5.4CVSS5.2AI score0.00816EPSS
CVE
CVE
added 2016/09/26 1:0 a.m.45 views

CVE-2016-5943

IBM Spectrum Control (formerly Tivoli Storage Productivity Center) 5.2.x before 5.2.11 contains an access-control flaw that lets an authenticated user bypass restrictions and read task details or edit properties. Affected are IBM Spectrum Control versions 5.2.8–5.2.10.1 and Tivoli Storage Product...

5.5CVSS5.2AI score0.00865EPSS
CVE
CVE
added 2017/02/01 8:0 p.m.44 views

CVE-2016-8941

IBM Spectrum Control (formerly Tivoli Storage Productivity Center) is affected by CVE-2016-8941, a cross-site request forgery in the web UI that could allow an attacker to perform malicious, unauthorized actions on behalf of a trusted user. The IBM Security Bulletin confirms affected versions: Ti...

8.8CVSS8.6AI score0.00554EPSS
CVE
CVE
added 2017/02/01 8:0 p.m.42 views

CVE-2016-8942

CVE-2016-8942 affects IBM Tivoli Storage Productivity Center (now IBM Spectrum Control after rename). An authenticated user with intimate knowledge of the system could edit a limited set of properties on the server. Affected products/versions: Tivoli Storage Productivity Center 5.2.0–5.2.7.1; IBM...

3.5CVSS4.7AI score0.00491EPSS
CVE
CVE
added 2016/09/26 1:0 a.m.41 views

CVE-2016-5947

IBM Spectrum Control (formerly Tivoli Storage Productivity Center) 5.2.x before 5.2.11 is affected by a clickjacking vulnerability that can be exploited by a remote, authenticated user via a crafted web site. The issue affects IBM Spectrum Control / Tivoli Storage Productivity Center 5.2.8–5.2.10...

5.7CVSS5.4AI score0.0085EPSS
CVE
CVE
added 2016/09/26 1:0 a.m.40 views

CVE-2016-5945

CVE-2016-5945 affects IBM Spectrum Control (formerly Tivoli Storage Productivity Center) versions 5.2.8–5.2.10.1 and Tivoli Storage Productivity Center 5.2.0–5.2.7.1. The vulnerability allows remote authenticated users to upload non-executable files by sending a crafted HTTP request. The IBM Secu...

4.3CVSS4.7AI score0.01035EPSS