NotCVE - vendor:"Ibm" product:"Spectrum Protect Plus"

Page 2 of 45 results (0.004 seconds)

CVSS: 6.8EPSS: 0%CPEs: 2EXPL: 0

CVE-2020-4496

https://notcve.org/view.php?id=CVE-2020-4496

13 Dec 2021 — The IBM Spectrum Protect Plus 10.1.0.0 through 10.1.8.x server connection to an IBM Spectrum Protect Plus workload agent is subject to a man-in-the-middle attack due to improper certificate validation. IBM X-Force ID: 182046. La conexión del servidor de IBM Spectrum Protect Plus versiones 10.1.0.0 a 10.1.8.x con un agente de carga de trabajo de IBM Spectrum Protect Plus está sujeta a un ataque de tipo "man-in-the-middle" debido a una comprobación inapropiada del certificado. IBM X-Force ID: 182046 • https://exchange.xforce.ibmcloud.com/vulnerabilities/182046 • CWE-295: Improper Certificate Validation •

CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0

CVE-2021-20490

https://notcve.org/view.php?id=CVE-2021-20490

29 Jun 2021 — IBM Spectrum Protect Plus 10.1.0 through 10.1.8 could allow a local user to cause a denial of service due to insecure file permission settings. IBM X-Force ID: 197791. IBM Spectrum Protect Plus versiones 10.1.0 hasta 10.1.8, podría permitir a un usuario local causar una denegación de servicio debido a una configuración no segura de los permisos de los archivos. IBM X-Force ID: 197791 • https://exchange.xforce.ibmcloud.com/vulnerabilities/197791 • CWE-276: Incorrect Default Permissions •

CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0

CVE-2021-29694

https://notcve.org/view.php?id=CVE-2021-29694

26 Apr 2021 — IBM Spectrum Protect Plus 10.1.0 through 10.1.7 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 200258. IBM Spectrum Protect Plus versiones 10.1.0 hasta 10.1.7, utiliza algoritmos criptográficos más débiles de lo esperado que podrían permitir a un atacante descifrar información altamente confidencial. IBM X-Force ID: 200258 • https://exchange.xforce.ibmcloud.com/vulnerabilities/200258 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •

CVSS: 6.2EPSS: 0%CPEs: 3EXPL: 0

CVE-2021-20536

https://notcve.org/view.php?id=CVE-2021-20536

26 Apr 2021 — IBM Spectrum Protect Plus File Systems Agent 10.1.6 and 10.1.7 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 198836. IBM Spectrum Protect Plus File Systems Agent versiones 10.1.6 y 10.1.7, almacena información potencialmente confidencial en archivos de registro que podría ser leído por un usuario local. IBM X-Force ID: 198836 • https://exchange.xforce.ibmcloud.com/vulnerabilities/198836 • CWE-532: Insertion of Sensitive Information into Log File •

CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0

CVE-2021-20432

https://notcve.org/view.php?id=CVE-2021-20432

26 Apr 2021 — IBM Spectrum Protect Plus 10.1.0 through 10.1.7 uses Cross-Origin Resource Sharing (CORS) which could allow an attacker to carry out privileged actions and retrieve sensitive information as the domain name is not being limited to only trusted domains. IBM X-Force ID: 196344. IBM Spectrum Protect Plus versiones 10.1.0 hasta 10.1.7, utiliza el Cross-Origin Resource Sharing (CORS), que podría permitir a un atacante llevar a cabo acciones privilegiadas y recuperar información confidencial, ya que el nombre de d... • https://exchange.xforce.ibmcloud.com/vulnerabilities/196344 •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

CVE-2020-5023

https://notcve.org/view.php?id=CVE-2020-5023

10 Feb 2021 — IBM Spectrum Protect Plus 10.1.0 through 10.1.7 could allow a remote user to inject arbitrary data iwhich could cause the serivce to crash due to excess resource consumption. IBM X-Force ID: 193659. IBM Spectrum Protect Plus versiones 10.1.0 a 10.1.7, podría permitir que un usuario remoto inyecte datos arbitrarios, lo que podría hacer que el servicio se bloquee debido al consumo excesivo de recursos. IBM X-Force ID: 193659 • https://exchange.xforce.ibmcloud.com/vulnerabilities/193659 • CWE-400: Uncontrolled Resource Consumption •

CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0

CVE-2020-5022

https://notcve.org/view.php?id=CVE-2020-5022

08 Jan 2021 — IBM Spectrum Protect Plus 10.1.0 through 10.1.6 may allow unauthenticated and unauthorized access to VDAP proxy which can result in an attacker obtaining information they are not authorized to access. IBM X-Force ID: 193658. IBM Spectrum Protect Plus versiones 10.1.0 hasta 10.1.6, puede permitir un acceso no autenticado y no autorizado al proxy VDAP, lo que puede resultar a un atacante conseguir información a la que no está autorizado a acceder. IBM X-Force ID: 193658 • https://exchange.xforce.ibmcloud.com/vulnerabilities/193658 • CWE-306: Missing Authentication for Critical Function CWE-862: Missing Authorization •

CVSS: 4.4EPSS: 0%CPEs: 2EXPL: 0

CVE-2020-5021

https://notcve.org/view.php?id=CVE-2020-5021

08 Jan 2021 — IBM Spectrum Protect Plus 10.1.0 through 10.1.6 does not invalidate session after a password reset which could allow a local user to impersonate another user on the system. IBM X-Force ID: 193657. IBM Spectrum Protect Plus versiones 10.1.0 hasta 10.1.6, no comprueba una sesión después de un restablecimiento de contraseña lo que podría permitir a un usuario local hacerse pasar por otro usuario en el sistema. IBM X-Force ID: 193657 • https://exchange.xforce.ibmcloud.com/vulnerabilities/193657 • CWE-384: Session Fixation •

CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0

CVE-2020-5020

https://notcve.org/view.php?id=CVE-2020-5020

08 Jan 2021 — IBM Spectrum Protect Plus 10.1.0 through 10.1.6 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 193656. IBM Spectrum Protect Plus versiones 10.1.0 hasta 10.1.6, podría permitir a un atacante remoto secuestrar la acción de clic de la víctima. Al persuadir a una vícti... • https://exchange.xforce.ibmcloud.com/vulnerabilities/193656 • CWE-1021: Improper Restriction of Rendered UI Layers or Frames •

CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0

CVE-2020-5019

https://notcve.org/view.php?id=CVE-2020-5019

08 Jan 2021 — IBM Spectrum Protect Plus 10.1.0 through 10.1.6 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. By sending a specially crafted HTTP request, a remote attacker could exploit this vulnerability to inject HTTP HOST header, which will allow the attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 193655. IBM Spectrum Protect Plus versiones 10.1.0 hasta 10.1.6, s... • https://exchange.xforce.ibmcloud.com/vulnerabilities/193655 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •

1 2 3 4 5