Spectrum Protect Plus Security Vulnerabilities and Issues — Spectrum Protect Plus CVE List

Lucene search

IbmSpectrum Protect Plus

5 matches found

CVE•added 2020/09/15 2:15 p.m.•100 views

CVE-2020-4703

IBM Spectrum Protect Plus 10.1.0 through 10.1.6 Administrative Console could allow an authenticated attacker to upload arbitrary files which could be execute arbitrary code on the vulnerable server. This vulnerability is due to an incomplete fix for CVE-2020-4470. IBM X-Force ID: 187188.

8CVSS7.8AI score0.00842EPSS

CVE•added 2022/06/30 5:15 p.m.•56 views

CVE-2022-22472

IBM Spectrum Protect Plus Container Backup and Restore (10.1.5 through 10.1.10.2 for Kubernetes and 10.1.7 through 10.1.10.2 for Red Hat OpenShift) could allow a remote attacker to bypass IBM Spectrum Protect Plus role based access control restrictions, caused by improper disclosure of session info...

8.8CVSS8.4AI score0.00062EPSS

CVE•added 2019/07/01 3:15 p.m.•51 views

CVE-2019-4357

When using IBM Spectrum Protect Plus 10.1.0, 10.1.2, and 10.1.3 to protect Oracle, DB2 or MongoDB databases, a redirected restore operation specifying a target path may allow execution of arbitrary code on the system. IBM X-Force ID: 161667,

8.2CVSS6.6AI score0.00108EPSS

CVE•added 2020/06/15 2:15 p.m.•40 views

CVE-2020-4470

IBM Spectrum Protect Plus 10.1.0 through 10.1.5 Administrative Console could allow an authenticated attacker to upload arbitrary files which could be execute arbitrary code on the vulnerable server. IBM X-Force ID: 181725.

8CVSS7.8AI score0.0023EPSS

CVE•added 2021/12/13 7:15 p.m.•38 views

CVE-2021-39057

IBM Spectrum Protect Plus 10.1.0.0 through 10.1.8.x is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 214616.

8.1CVSS7.7AI score0.00121EPSS