CVE-2020-4783
https://notcve.org/view.php?id=CVE-2020-4783
IBM Spectrum Protect Plus 10.1.0 through 10.1.6 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 189214. • https://exchange.xforce.ibmcloud.com/vulnerabilities/189214 https://www.ibm.com/support/pages/node/6368601 • CWE-862: Missing Authorization •
CVE-2020-4771
https://notcve.org/view.php?id=CVE-2020-4771
IBM Spectrum Protect Operations Center 8.1.0.000 through 8.1.10 and 7.1.0.000 through 7.1.11 could allow a remote attacker to obtain sensitive information, caused by improper authentication of a websocket endpoint. By using known tools to subscribe to the websocket event stream, an attacker could exploit this vulnerability to obtain sensitive information. IBM X-Force ID: 188993. • https://exchange.xforce.ibmcloud.com/vulnerabilities/188993 https://www.ibm.com/support/pages/node/6369101 • CWE-287: Improper Authentication •
CVE-2020-4711
https://notcve.org/view.php?id=CVE-2020-4711
IBM Spectrum Protect Plus 10.1.0 through 10.1.6 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 187501. • https://exchange.xforce.ibmcloud.com/vulnerabilities/187501 https://www.ibm.com/support/pages/node/6328867 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2020-4703
https://notcve.org/view.php?id=CVE-2020-4703
IBM Spectrum Protect Plus 10.1.0 through 10.1.6 Administrative Console could allow an authenticated attacker to upload arbitrary files which could execute arbitrary code on the vulnerable server. This vulnerability is due to an incomplete fix for CVE-2020-4470. IBM X-Force ID: 187188. • https://exchange.xforce.ibmcloud.com/vulnerabilities/187188 https://www.ibm.com/support/pages/node/6328867 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVE-2020-4693
https://notcve.org/view.php?id=CVE-2020-4693
IBM Spectrum Protect Operations Center 7.1.0.000 through 7.1.10 and 8.1.0.000 through 8.1.9 may allow an attacker to execute arbitrary code on the system, caused by improper validation of data prior to export. IBM X-Force ID: 186782. • https://exchange.xforce.ibmcloud.com/vulnerabilities/186782 https://www.ibm.com/support/pages/node/6325341 • CWE-20: Improper Input Validation •