
CVE-2023-47148 – IBM Storage Protect Plus Server information disclosure
https://notcve.org/view.php?id=CVE-2023-47148
02 Feb 2024 — IBM Storage Protect Plus Server 10.1.0 through 10.1.15.2 Admin Console could allow a remote attacker to obtain sensitive information due to improper validation of unsecured endpoints which could be used in further attacks against the system. IBM X-Force ID: 270599. • https://exchange.xforce.ibmcloud.com/vulnerabilities/270599 • CWE-862: Missing Authorization •

CVE-2023-33832 – IBM Storage Protect denial of service
https://notcve.org/view.php?id=CVE-2023-33832
19 Jul 2023 — IBM Spectrum Protect 8.1.0.0 through 8.1.17.0 could allow a local user to cause a denial of service due to improper time-of-check to time-of-use functionality. IBM X-Force ID: 256012. • https://exchange.xforce.ibmcloud.com/vulnerabilities/256012 • CWE-20: Improper Input Validation • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •

CVE-2023-28956 – IBM Spectrum Protect Backup-Archive Client privilege escalation
https://notcve.org/view.php?id=CVE-2023-28956
22 Jun 2023 — IBM Spectrum Protect Backup-Archive Client 8.1.0.0 through 8.1.17.2 may allow a local user to escalate their privileges due to improper access controls. IBM X-Force ID: 251767. • https://exchange.xforce.ibmcloud.com/vulnerabilities/251767 • CWE-266: Incorrect Privilege Assignment •

CVE-2023-27863 – IBM Spectrum Protect Plus Server information disclosure
https://notcve.org/view.php?id=CVE-2023-27863
12 May 2023 — IBM Spectrum Protect Plus Server 10.1.13, under specific configurations, could allow an elevated user to obtain SMB credentials that may be used to access vSnap data stores. IBM X-Force ID: 249325. • https://exchange.xforce.ibmcloud.com/vulnerabilities/249325 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVE-2020-4497 – IBM Spectrum Protect Plus information disclosure
https://notcve.org/view.php?id=CVE-2020-4497
14 Dec 2022 — IBM Spectrum Protect Plus 10.1.0 through 10.1.12 discloses sensitive information due to unencrypted data being used in the communication flow between Spectrum Protect Plus vSnap and its agents. An attacker could obtain information using man-in-the-middle techniques. IBM X-Force ID: 182106. • https://exchange.xforce.ibmcloud.com/vulnerabilities/182106 • CWE-319: Cleartext Transmission of Sensitive Information •

CVE-2022-40608
https://notcve.org/view.php?id=CVE-2022-40608
19 Sep 2022 — IBM Spectrum Protect Plus 10.1.6 through 10.1.11 Microsoft File Systems restore operation can download any file on the target machine by manipulating the URL with a directory traversal attack. This results in the restore operation gaining access to files which the operator should not have access to. IBM X-Force ID: 235873. • https://exchange.xforce.ibmcloud.com/vulnerabilities/235873 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVE-2022-40234
https://notcve.org/view.php?id=CVE-2022-40234
19 Sep 2022 — Versions of IBM Spectrum Protect Plus prior to 10.1.12 (excluding 10.1.12) include the private key information for a certificate inside the generated .crt file when uploading a TLS certificate to IBM Spectrum Protect Plus. If this generated .crt file is shared, an attacker can obtain the private key information for the uploaded certificate. IBM X-Force ID: 235718. • https://exchange.xforce.ibmcloud.com/vulnerabilities/235718 • CWE-668: Exposure of Resource to Wrong Sphere •

CVE-2022-22494
https://notcve.org/view.php?id=CVE-2022-22494
30 Jun 2022 — IBM Spectrum Protect Operations Center 8.1.0.000 through 8.1.14 could allow a remote attacker to gain details of the database, such as type and version, by sending a specially-crafted HTTP request. This information could then be used in future attacks. IBM X-Force ID: 226940. • https://exchange.xforce.ibmcloud.com/vulnerabilities/226940 •

CVE-2022-22472
https://notcve.org/view.php?id=CVE-2022-22472
30 Jun 2022 — IBM Spectrum Protect Plus Container Backup and Restore (10.1.5 through 10.1.10.2 for Kubernetes and 10.1.7 through 10.1.10.2 for Red Hat OpenShift) could allow a remote attacker to bypass IBM Spectrum Protect Plus role based access control restrictions, caused by improper disclosure of session information. By retrieving the logs of a container an attacker could exploit this vulnerability to bypass login security of the IBM Spectrum Protect Plus server and gain unauthorized access based on the permissions of... • https://exchange.xforce.ibmcloud.com/vulnerabilities/225340 • CWE-281: Improper Preservation of Permissions •

CVE-2022-22496
https://notcve.org/view.php?id=CVE-2022-22496
30 Jun 2022 — While a user account for the IBM Spectrum Protect Server 8.1.0.000 through 8.1.14 is being established, it may be configured to use SESSIONSECURITY=TRANSITIONAL. While in this mode, it may be susceptible to an offline dictionary attack. IBM X-Force ID: 226942. • https://exchange.xforce.ibmcloud.com/vulnerabilities/226942 • CWE-307: Improper Restriction of Excessive Authentication Attempts •