Spectrum Protect Plus@* Security Vulnerabilities and Issues — Spectrum Protect Plus@* CVE List

Lucene search

IbmSpectrum Protect Plus*

12 matches found

CVE•added 2021/01/08 7:15 p.m.•78 views

CVE-2020-5019

IBM Spectrum Protect Plus 10.1.0 through 10.1.6 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. By sending a specially crafted HTTP request, a remote attacker could exploit this vulnerability to inject HTTP HOST header, which will allow the attack...

6.5CVSS6.4AI score0.00047EPSS

CVE•added 2021/12/13 7:15 p.m.•67 views

CVE-2021-39063

IBM Spectrum Protect Plus 10.1.0.0 through 10.1.8.x uses Cross-Origin Resource Sharing (CORS) which could allow an attacker to carry out privileged actions and retrieve sensitive information due to a misconfiguration in access control headers. IBM X-Force ID: 214956.

9.1CVSS8.5AI score0.00082EPSS

CVE•added 2021/01/08 7:15 p.m.•62 views

CVE-2020-5021

IBM Spectrum Protect Plus 10.1.0 through 10.1.6 does not invalidate session after a password reset which could allow a local user to impersonate another user on the system. IBM X-Force ID: 193657.

4.4CVSS5.2AI score0.00033EPSS

CVE•added 2021/01/08 7:15 p.m.•59 views

CVE-2020-5022

IBM Spectrum Protect Plus 10.1.0 through 10.1.6 may allow unauthenticated and unauthorized access to VDAP proxy which can result in an attacker obtaining information they are not authorized to access. IBM X-Force ID: 193658.

5.3CVSS5.6AI score0.00167EPSS

CVE•added 2021/01/08 7:15 p.m.•58 views

CVE-2020-5018

IBM Spectrum Protect Plus 10.1.0 through 10.1.6 may include sensitive information in its URLs increasing the risk of such information being caputured by an attacker. IBM X-Force ID: 193654.

7.5CVSS7.1AI score0.00097EPSS

CVE•added 2021/01/08 7:15 p.m.•57 views

CVE-2020-5020

IBM Spectrum Protect Plus 10.1.0 through 10.1.6 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attack...

6.1CVSS6.3AI score0.00181EPSS

CVE•added 2021/02/10 5:15 p.m.•44 views

CVE-2020-5023

IBM Spectrum Protect Plus 10.1.0 through 10.1.7 could allow a remote user to inject arbitrary data iwhich could cause the serivce to crash due to excess resource consumption. IBM X-Force ID: 193659.

7.5CVSS7.3AI score0.00729EPSS

CVE•added 2021/12/13 7:15 p.m.•38 views

CVE-2020-4496

The IBM Spectrum Protect Plus 10.1.0.0 through 10.1.8.x server connection to an IBM Spectrum Protect Plus workload agent is subject to a man-in-the-middle attack due to improper certificate validation. IBM X-Force ID: 182046.

6.8CVSS5.8AI score0.00094EPSS

CVE•added 2021/06/29 4:15 p.m.•38 views

CVE-2021-20490

IBM Spectrum Protect Plus 10.1.0 through 10.1.8 could allow a local user to cause a denial of service due to insecure file permission settings. IBM X-Force ID: 197791.

5.5CVSS5.2AI score0.00041EPSS

CVE•added 2021/12/13 7:15 p.m.•38 views

CVE-2021-39057

IBM Spectrum Protect Plus 10.1.0.0 through 10.1.8.x is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 214616.

8.1CVSS7.7AI score0.00121EPSS

CVE•added 2021/04/26 5:15 p.m.•32 views

CVE-2021-20432

IBM Spectrum Protect Plus 10.1.0 through 10.1.7 uses Cross-Origin Resource Sharing (CORS) which could allow an attacker to carry out privileged actions and retrieve sensitive information as the domain name is not being limited to only trusted domains. IBM X-Force ID: 196344.

6.5CVSS6.1AI score0.00158EPSS

CVE•added 2021/04/26 5:15 p.m.•32 views

CVE-2021-29694

IBM Spectrum Protect Plus 10.1.0 through 10.1.7 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 200258.

7.5CVSS7.2AI score0.00112EPSS