CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2023-47148 – IBM Storage Protect Plus Server information disclosure
https://notcve.org/view.php?id=CVE-2023-47148
IBM Storage Protect Plus Server 10.1.0 through 10.1.15.2 Admin Console could allow a remote attacker to obtain sensitive information due to improper validation of unsecured endpoints which could be used in further attacks against the system. IBM X-Force ID: 270599. IBM Storage Protect Plus Server 10.1.0 a 10.1.15.2 Admin Console podría permitir que un atacante remoto obtenga información confidencial debido a una validación inadecuada de endpoints no seguros que podrían usarse en futuros ataques contra el sistema. ID de IBM X-Force: 270599. • https://exchange.xforce.ibmcloud.com/vulnerabilities/270599 https://www.ibm.com/support/pages/node/7096482 • CWE-862: Missing Authorization •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-4497 – IBM Spectrum Protect Plus information disclosure
https://notcve.org/view.php?id=CVE-2020-4497
IBM Spectrum Protect Plus 10.1.0 through 10.1.12 discloses sensitive information due to unencrypted data being used in the communication flow between Spectrum Protect Plus vSnap and its agents. An attacker could obtain information using main in the middle techniques. IBM X-Force ID: 182106. IBM Spectrum Protect Plus 10.1.0 a 10.1.12 divulga información confidencial debido al uso de datos no cifrados en el flujo de comunicación entre Spectrum Protect Plus vSnap y sus agentes. Un atacante podría obtener información utilizando técnicas principales en el medio. • https://exchange.xforce.ibmcloud.com/vulnerabilities/182106 https://www.ibm.com/support/pages/node/6847627 • CWE-319: Cleartext Transmission of Sensitive Information •
CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2022-40234
https://notcve.org/view.php?id=CVE-2022-40234
Versions of IBM Spectrum Protect Plus prior to 10.1.12 (excluding 10.1.12) include the private key information for a certificate inside the generated .crt file when uploading a TLS certificate to IBM Spectrum Protect Plus. If this generated .crt file is shared, an attacker can obtain the private key information for the uploaded certificate. IBM X-Force ID: 235718. Las versiones de IBM Spectrum Protect Plus anteriores a 10.1.12 (excluyendo la 10.1.12) incluyen la información de la clave privada de un certificado dentro del archivo .crt generado cuando es descargado un certificado TLS en IBM Spectrum Protect Plus. Si este archivo .crt generado es compartido, un atacante puede obtener la información de la clave privada del certificado cargado. • https://exchange.xforce.ibmcloud.com/vulnerabilities/235718 https://www.ibm.com/support/pages/node/6619947 • CWE-668: Exposure of Resource to Wrong Sphere •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2022-22396
https://notcve.org/view.php?id=CVE-2022-22396
Credentials are printed in clear text in the IBM Spectrum Protect Plus 10.1.0.0 through 10.1.9.3 virgo log file in certain cases. Credentials could be the remote vSnap, offload targets, or VADP credentials depending on the operation performed. Credentials that are using API key or certificate are not printed. IBM X-Force ID: 222231. Las credenciales son impresas en texto sin cifrar en el archivo de registro de virgo de IBM Spectrum Protect Plus versiones 10.1.0.0 hasta 10.1.9.3 en determinados casos. • https://exchange.xforce.ibmcloud.com/vulnerabilities/222231 https://www.ibm.com/support/pages/node/6591505 • CWE-522: Insufficiently Protected Credentials •
CVSS: 5.5EPSS: 0%CPEs: 34EXPL: 0CVE-2021-3669 – kernel: reading /proc/sysvipc/shm does not scale with large shared memory segment counts
https://notcve.org/view.php?id=CVE-2021-3669
A flaw was found in the Linux kernel. Measuring usage of the shared memory does not scale with large shared memory segment counts which could lead to resource exhaustion and DoS. Se ha encontrado un fallo en el kernel de Linux. La medición del uso de la memoria compartida no escala con grandes recuentos de segmentos de memoria compartida, lo que podría conllevar a el agotamiento de recursos y el DoS. • https://access.redhat.com/security/cve/CVE-2021-3669 https://bugzilla.redhat.com/show_bug.cgi?id=1980619 https://bugzilla.redhat.com/show_bug.cgi?id=1986473 https://security-tracker.debian.org/tracker/CVE-2021-3669 • CWE-400: Uncontrolled Resource Consumption CWE-770: Allocation of Resources Without Limits or Throttling •