IBM Spectrum Protect Plus

11 matches found

CVE
added 2020/09/15 2:15 p.m., 81 views

CVE-2020-4711

IBM Spectrum Protect Plus 10.1.0 through 10.1.6 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 187501.

CVSS 6.5, AI score 6.3, EPSS 0.00626

CVE
added 2021/01/08 7:15 p.m., 78 views

CVE-2020-5019

IBM Spectrum Protect Plus 10.1.0 through 10.1.6 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. By sending a specially crafted HTTP request, a remote attacker could exploit this vulnerability to inject HTTP HOST header, which will allow the attack...

CVSS 6.5, AI score 6.4, EPSS 0.00047

CVE
added 2019/06/19 2:15 p.m., 64 views

CVE-2019-4385

IBM Spectrum Protect Plus 10.1.2 may display the vSnap CIFS password in the IBM Spectrum Protect Plus Joblog. This can result in an attacker gaining access to sensitive information as well as vSnap. IBM X-Force ID: 162173.

CVSS 6.5, AI score 6.1, EPSS 0.00067

CVE
added 2021/01/08 7:15 p.m., 57 views

CVE-2020-5020

IBM Spectrum Protect Plus 10.1.0 through 10.1.6 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attack...

CVSS 6.1, AI score 6.3, EPSS 0.00181

CVE
added 2020/03/31 3:15 p.m., 51 views

CVE-2020-4240

IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request to overwrite or create arbitrary files on the system. IBM X-Force ID: 175417.

CVSS 6.5, AI score 6.3, EPSS 0.0042

CVE
added 2022/12/14 10:15 p.m., 51 views

CVE-2020-4497

IBM Spectrum Protect Plus 10.1.0 through 10.1.12 discloses sensitive information due to unencrypted data being used in the communication flow between Spectrum Protect Plus vSnap and its agents. An attacker could obtain information using man-in-the-middle techniques. IBM X-Force ID: 182106.

CVSS 6.8, AI score 5.5, EPSS 0.00029

CVE
added 2020/06/15 2:15 p.m., 42 views

CVE-2020-4477

IBM Spectrum Protect Plus 10.1.0 through 10.1.5 discloses highly sensitive information in plain text in the virgo log file which could be used in further attacks against the system. IBM X-Force ID: 181779.

CVSS 6.5, AI score 6, EPSS 0.00243

CVE
added 2021/12/13 7:15 p.m., 38 views

CVE-2020-4496

The IBM Spectrum Protect Plus 10.1.0.0 through 10.1.8.x server connection to an IBM Spectrum Protect Plus workload agent is subject to a man-in-the-middle attack due to improper certificate validation. IBM X-Force ID: 182046.

CVSS 6.8, AI score 5.8, EPSS 0.00094

CVE
added 2020/06/15 2:15 p.m., 35 views

CVE-2020-4471

IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow an unauthenticated attacker to cause a denial of service or hijack DNS sessions by sending a specially crafted HTTP command to the remote server. IBM X-Force ID: 181726.

CVSS 6.5, AI score 7, EPSS 0.0015

CVE
added 2021/04/26 5:15 p.m., 33 views

CVE-2021-20536

IBM Spectrum Protect Plus File Systems Agent 10.1.6 and 10.1.7 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 198836.

CVSS 6.2, AI score 5.8, EPSS 0.00044

CVE
added 2021/04/26 5:15 p.m., 32 views

CVE-2021-20432

IBM Spectrum Protect Plus 10.1.0 through 10.1.7 uses Cross-Origin Resource Sharing (CORS) which could allow an attacker to carry out privileged actions and retrieve sensitive information as the domain name is not being limited to only trusted domains. IBM X-Force ID: 196344.

CVSS 6.5, AI score 6.1, EPSS 0.00158