Spectrum Protect Plus@* Security Vulnerabilities and Issues — Spectrum Protect Plus@* CVE List

Lucene search

IbmSpectrum Protect Plus*

19 matches found

CVE•added 2020/09/15 2:15 p.m.•100 views

CVE-2020-4703

IBM Spectrum Protect Plus 10.1.0 through 10.1.6 Administrative Console could allow an authenticated attacker to upload arbitrary files which could be execute arbitrary code on the vulnerable server. This vulnerability is due to an incomplete fix for CVE-2020-4470. IBM X-Force ID: 187188.

8CVSS7.8AI score0.00842EPSS

CVE•added 2020/09/15 2:15 p.m.•81 views

CVE-2020-4711

IBM Spectrum Protect Plus 10.1.0 through 10.1.6 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 187501.

6.5CVSS6.3AI score0.00626EPSS

CVE•added 2020/11/23 5:15 p.m.•53 views

CVE-2020-4854

IBM Spectrum Protect Plus 10.1.0 thorugh 10.1.6 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 190454.

9.8CVSS9AI score0.00234EPSS

CVE•added 2020/03/31 3:15 p.m.•51 views

CVE-2020-4206

IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow a remote attacker to execute arbitrary commands on the system in the context of root user, caused by improper validation of user-supplied input. IBM X-Force ID: 174966.

9CVSS8.7AI score0.05423EPSS

CVE•added 2020/03/31 3:15 p.m.•51 views

CVE-2020-4240

IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request to overwrite or create arbitrary files on the system. IBM X-Force ID: 175417.

6.5CVSS6.3AI score0.0042EPSS

CVE•added 2020/03/31 3:15 p.m.•49 views

CVE-2020-4208

IBM Spectrum Protect Plus 10.1.0 through 10.1.5 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 174975.

9.8CVSS9AI score0.00026EPSS

CVE•added 2020/03/31 3:15 p.m.•44 views

CVE-2020-4241

IBM Spectrum Scale and IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system. IBM X-For...

9CVSS8.6AI score0.0913EPSS

CVE•added 2020/06/15 2:15 p.m.•44 views

CVE-2020-4469

IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow a remote attacker to execute arbitrary code on the system. By using a specially crafted HTTP command, an attacker could exploit this vulnerability to execute arbitrary command on the system. This vulnerability is due to an incomplete fix f...

10CVSS9.5AI score0.51554EPSS

CVE•added 2020/06/15 2:15 p.m.•42 views

CVE-2020-4477

IBM Spectrum Protect Plus 10.1.0 through 10.1.5 discloses highly sensitive information in plain text in the virgo log file which could be used in further attacks against the system. IBM X-Force ID: 181779.

6.5CVSS6AI score0.00243EPSS

CVE•added 2020/05/04 2:15 p.m.•41 views

CVE-2020-4209

IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to create arbitrary files on the system. IBM X-Force ID: 175019.

5.5CVSS5.5AI score0.00429EPSS

CVE•added 2020/03/31 3:15 p.m.•41 views

CVE-2020-4242

9CVSS8.6AI score0.03831EPSS

CVE•added 2020/03/31 3:15 p.m.•40 views

CVE-2020-4214

IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow a remote attacker to arbitrary delete a directory caused by improper validation of user-supplied input. IBM X-Force ID: 175026.

7.5CVSS7.4AI score0.00104EPSS

CVE•added 2020/06/15 2:15 p.m.•40 views

CVE-2020-4470

IBM Spectrum Protect Plus 10.1.0 through 10.1.5 Administrative Console could allow an authenticated attacker to upload arbitrary files which could be execute arbitrary code on the vulnerable server. IBM X-Force ID: 181725.

8CVSS7.8AI score0.0023EPSS

CVE•added 2020/11/23 5:15 p.m.•40 views

CVE-2020-4783

IBM Spectrum Protect Plus 10.1.0 through 10.1.6 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IB...

5.9CVSS5.3AI score0.00172EPSS

CVE•added 2020/06/15 2:15 p.m.•36 views

CVE-2020-4216

9.8CVSS9AI score0.00129EPSS

CVE•added 2020/06/15 2:15 p.m.•35 views

CVE-2020-4471

IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow an unauthenticated attacker to cause a denial of service or hijack DNS sessions by send a specially crafted HTTP command to the remote server. IBM X-Force ID: 181726.

6.5CVSS7AI score0.0015EPSS

CVE•added 2020/06/26 2:15 p.m.•34 views

CVE-2020-4565

IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow an attacker to obtain sensitive information due to insecure communications being used between the application and server. IBM X-Force ID: 183935.

5.9CVSS5.3AI score0.00239EPSS

CVE•added 2020/08/04 4:15 p.m.•34 views

CVE-2020-4631

IBM Spectrum Protect Plus 10.1.0 through 10.1.6 agent files, in non-default configurations, on Windows are assigned access to everyone with full control permissions, which could allow a local user to cause interruption of the service operations. IBM X-Force ID: 185372.

5.5CVSS5.2AI score0.00026EPSS

CVE•added 2020/02/24 4:15 p.m.•33 views

CVE-2019-4703

IBM Spectrum Protect Plus 10.1.0 and 10.5.0, when protecting Microsoft SQL or Microsoft Exchange, could allow an attacker with intimate knowledge of the system to obtain highly sensitive information.

5.3CVSS5.3AI score0.00138EPSS