
CVE-2022-22487
https://notcve.org/view.php?id=CVE-2022-22487
30 Jun 2022 — An IBM Spectrum Protect storage agent could allow a remote attacker to perform a brute force attack by allowing unlimited attempts to login to the storage agent without locking the administrative ID. A remote attacker could exploit this vulnerability using brute force techniques to gain unauthorized administrative access to both the IBM Spectrum Protect storage agent and the IBM Spectrum Protect Server 8.1.0.000 through 8.1.14 with which it communicates. IBM X-Force ID: 226326. • https://exchange.xforce.ibmcloud.com/vulnerabilities/226326 • CWE-307: Improper Restriction of Excessive Authentication Attempts

CVE-2022-22478
https://notcve.org/view.php?id=CVE-2022-22478
30 Jun 2022 — IBM Spectrum Protect Client 8.1.0.0 through 8.1.14.0 stores user credentials in clear text which can be read by a local user. IBM X-Force ID: 225886. • https://exchange.xforce.ibmcloud.com/vulnerabilities/225886 • CWE-312: Cleartext Storage of Sensitive Information

CVE-2022-22474
https://notcve.org/view.php?id=CVE-2022-22474
30 Jun 2022 — IBM Spectrum Protect 8.1.0.0 through 8.1.14.0 dsmcad, dsmc, and dsmcsvc processes incorrectly handle certain read operations on TCP/IP sockets. This can result in a denial of service for IBM Spectrum Protect client operations. IBM X-Force ID: 225348. • https://exchange.xforce.ibmcloud.com/vulnerabilities/225348

CVE-2022-22485
https://notcve.org/view.php?id=CVE-2022-22485
17 Jun 2022 — In some cases, an unsuccessful attempt to log into IBM Spectrum Protect Operations Center 8.1.0.000 through 8.1.14.000 does not cause the administrator's invalid sign-on count to be incremented on the IBM Spectrum Protect Server. An attacker could exploit this vulnerability using brute force techniques to gain unauthorized administrative access to the IBM Spectrum Protect Server. IBM X-Force ID: 226325. • https://exchange.xforce.ibmcloud.com/vulnerabilities/226325 • CWE-307: Improper Restriction of Excessive Authentication Attempts

CVE-2022-22396
https://notcve.org/view.php?id=CVE-2022-22396
06 Jun 2022 — Credentials are printed in clear text in the IBM Spectrum Protect Plus 10.1.0.0 through 10.1.9.3 virgo log file in certain cases. Credentials could be the remote vSnap, offload targets, or VADP credentials depending on the operation performed. Credentials that are using API key or certificate are not printed. IBM X-Force ID: 222231. • https://exchange.xforce.ibmcloud.com/vulnerabilities/222231 • CWE-522: Insufficiently Protected Credentials

CVE-2022-22484
https://notcve.org/view.php?id=CVE-2022-22484
17 May 2022 — IBM Spectrum Protect Operations Center 8.1.12 and 8.1.13 could allow a local attacker to obtain sensitive information, caused by plain text user account passwords potentially being stored in the browser's application command history. By accessing browser history, an attacker could exploit this vulnerability to obtain other user accounts' passwords. IBM X-Force ID: 226322. • https://exchange.xforce.ibmcloud.com/vulnerabilities/226322 • CWE-312: Cleartext Storage of Sensitive Information

CVE-2021-3669 – kernel: reading /proc/sysvipc/shm does not scale with large shared memory segment counts
https://notcve.org/view.php?id=CVE-2021-3669
11 May 2022 — A flaw was found in the Linux kernel. Measuring usage of the shared memory does not scale with large shared memory segment counts which could lead to resource exhaustion and DoS. Red Hat Advanced Cluster Management for Kubernetes 2.5.0 images Red Hat Advanced Cluster Management for Kube... • https://access.redhat.com/security/cve/CVE-2021-3669 • CWE-400: Uncontrolled Resource Consumption • CWE-770: Allocation of Resources Without Limits or Throttling

CVE-2022-22394
https://notcve.org/view.php?id=CVE-2022-22394
21 Mar 2022 — The IBM Spectrum Protect 8.1.14.000 server could allow a remote attacker to bypass security restrictions, caused by improper enforcement of access controls. By signing in, an attacker could exploit this vulnerability to bypass security and gain unauthorized administrator or node access to the vulnerable server. • https://exchange.xforce.ibmcloud.com/vulnerabilities/222147

CVE-2022-22348
https://notcve.org/view.php?id=CVE-2022-22348
14 Mar 2022 — IBM Spectrum Protect Operations Center 8.1.0.000 through 8.1.13.xxx is vulnerable to reverse tabnabbing where it could allow a page linked to from within Operations Center to rewrite it. An administrator could enter a link to a malicious URL that another administrator could then click. Once clicked, that malicious URL could then rewrite the original page with a phishing page. IBM X-Force ID: 220139. • https://exchange.xforce.ibmcloud.com/vulnerabilities/220139 • CWE-352: Cross-Site Request Forgery (CSRF)

CVE-2022-22346
https://notcve.org/view.php?id=CVE-2022-22346
14 Mar 2022 — IBM Spectrum Protect Operations Center 8.1.0.000 through 8.1.13.xxx is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 220048. • https://exchange.xforce.ibmcloud.com/vulnerabilities/220048 • CWE-352: Cross-Site Request Forgery (CSRF)