CVSS: 5.1EPSS: 0%CPEs: 2EXPL: 0CVE-2019-4093
https://notcve.org/view.php?id=CVE-2019-4093
02 Apr 2019 — IBM Tivoli Storage Manager (IBM Spectrum Protect 8.1.7) could allow a user to restore files and directories using IBM Spectrum Prootect Client Web User Interface on Windows that they should not have access to due to incorrect file permissions. IBM X-Force ID: 157981. IBM Tivoli Storage Manager (IBM Spectrum Protect en su versión 8.1.7) podría permitir a un usuario recuperar archivos y directorios utilizando la interfaz de usuario web de IBM Spectrum Prootect Client en Windows a la que no deberían tener acce... • http://www.ibm.com/support/docview.wss?uid=ibm10875518 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 7.5EPSS: 0%CPEs: 9EXPL: 0CVE-2018-1786
https://notcve.org/view.php?id=CVE-2018-1786
12 Nov 2018 — IBM Spectrum Protect 7.1 and 8.1 dsmc and dsmcad processes incorrectly accumulate TCP/IP sockets in a CLOSE_WAIT state. This can cause TCP/IP resource leakage and may result in a denial of service. IBM X-Force ID: 148871. Los procesos dsmc y dsmcad de IBM Spectrum Protect 7.1 y 8.1 acumulan incorrectamente sockets TCP/IP en un estado CLOSE_WAIT. Esto puede provocar el filtrado del recurso TCP/IP y podría resultar en una denegación de servicio (DoS). • http://www.ibm.com/support/docview.wss?uid=ibm10738765 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 4.4EPSS: 0%CPEs: 2EXPL: 0CVE-2018-1788
https://notcve.org/view.php?id=CVE-2018-1788
02 Nov 2018 — IBM Spectrum Protect Server 7.1 and 8.1 could disclose highly sensitive information via trace logs to a local privileged user. IBM X-Force ID: 148873. IBM Spectrum Protect Server 7.1 y 8.1 podría divulgar información altamente sensible mediante registros de rastreo a un usuario local privilegiado. IBM X-Force ID: 148873. • http://www.ibm.com/support/docview.wss?uid=ibm10730357 • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2018-1768
https://notcve.org/view.php?id=CVE-2018-1768
26 Sep 2018 — IBM Spectrum Protect Plus 10.1.0 and 10.1.1 could disclose sensitive information when an authorized user executes a test operation, the user id an password may be displayed in plain text within an instrumentation log file. IBM X-Force ID: 148622. IBM Spectrum Protect Plus 10.1.0 y 10.1.1 podría divulgar información sensible cuando un usuario autorizado ejecuta una operación de prueba; el ID y la contraseña del usuario podrían mostrarse en texto plano en un archivo de registro de instrumentación. IBM X-Force... • http://www.ibm.com/support/docview.wss?uid=ibm10729219 • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 7.5EPSS: 0%CPEs: 8EXPL: 0CVE-2018-1785
https://notcve.org/view.php?id=CVE-2018-1785
26 Sep 2018 — IBM Tivoli Storage Manager (IBM Spectrum Protect 7.1 and 8.1) uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt sensitive information. IBM X-Force ID: 148870. IBM Tivoli Storage Manager (IBM Spectrum Protect 7.1 y 8.1) emplea algoritmos criptográficos más débiles de lo esperado que podrían permitir que un atacante descifre información sensible. IBM X-Force ID: 148870. • http://www.ibm.com/support/docview.wss?uid=ibm10729873 • CWE-326: Inadequate Encryption Strength •
CVSS: 7.5EPSS: 0%CPEs: 8EXPL: 0CVE-2018-1545
https://notcve.org/view.php?id=CVE-2018-1545
26 Sep 2018 — IBM Tivoli Storage Manager (IBM Spectrum Protect 7.1 and 8.1) uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 142649. IBM Tivoli Storage Manager (IBM Spectrum Protect 7.1 y 8.1) emplea algoritmos criptográficos más débiles de lo esperado que podrían permitir que un atacante descifre información altamente sensible. IBM X-Force ID: 142649. • http://www.ibm.com/support/docview.wss?uid=ibm10718013 • CWE-326: Inadequate Encryption Strength •
CVSS: 8.1EPSS: 0%CPEs: 5EXPL: 0CVE-2018-1447
https://notcve.org/view.php?id=CVE-2018-1447
04 Apr 2018 — The GSKit (IBM Spectrum Protect 7.1 and 7.2) and (IBM Spectrum Protect Snapshot 4.1.3, 4.1.4, and 4.1.6) CMS KDB logic fails to salt the hash function resulting in weaker than expected protection of passwords. A weak password may be recovered. Note: After update the customer should change password to ensure the new password is stored more securely. Products should encourage customers to take this step as a high priority action. IBM X-Force ID: 139972. • http://www.ibm.com/support/docview.wss?uid=swg22014669 • CWE-916: Use of Password Hash With Insufficient Computational Effort •
CVSS: 10.0EPSS: 2%CPEs: 2EXPL: 0CVE-2015-7426
https://notcve.org/view.php?id=CVE-2015-7426
02 Jan 2016 — The Data Protection extension in the VMware GUI in IBM Tivoli Storage Manager for Virtual Environments: Data Protection for VMware (aka Spectrum Protect for Virtual Environments) 7.1 before 7.1.3.0 and Tivoli Storage FlashCopy Manager for VMware (aka Spectrum Protect Snapshot) 4.1 before 4.1.3.0 allows remote attackers to execute arbitrary OS commands via unspecified vectors. La extensión Data Protection en la GUI VMware en IBM Tivoli Storage Manager for Virtual Environments: Data Protection for VMware (tam... • http://www-01.ibm.com/support/docview.wss?uid=swg21971484 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 8.5EPSS: 0%CPEs: 2EXPL: 0CVE-2015-7429
https://notcve.org/view.php?id=CVE-2015-7429
02 Jan 2016 — The Data Protection extension in the VMware GUI in IBM Tivoli Storage Manager for Virtual Environments: Data Protection for VMware (aka Spectrum Protect for Virtual Environments) 7.1 before 7.1.4 and Tivoli Storage FlashCopy Manager for VMware (aka Spectrum Protect Snapshot) 4.1 before 4.1.4 allows remote authenticated users to restore arbitrary virtual machines and consequently obtain sensitive information by visiting the vSphere inventory. La extensión Data Protection en la GUI VMware en IBM Tivoli Storag... • http://www-01.ibm.com/support/docview.wss?uid=swg21973087 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •