CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2022-22396
https://notcve.org/view.php?id=CVE-2022-22396
Credentials are printed in clear text in the IBM Spectrum Protect Plus 10.1.0.0 through 10.1.9.3 virgo log file in certain cases. Credentials could be the remote vSnap, offload targets, or VADP credentials depending on the operation performed. Credentials that are using API key or certificate are not printed. IBM X-Force ID: 222231. Las credenciales son impresas en texto sin cifrar en el archivo de registro de virgo de IBM Spectrum Protect Plus versiones 10.1.0.0 hasta 10.1.9.3 en determinados casos. • https://exchange.xforce.ibmcloud.com/vulnerabilities/222231 https://www.ibm.com/support/pages/node/6591505 • CWE-522: Insufficiently Protected Credentials •
CVSS: 5.5EPSS: 0%CPEs: 34EXPL: 0CVE-2021-3669 – kernel: reading /proc/sysvipc/shm does not scale with large shared memory segment counts
https://notcve.org/view.php?id=CVE-2021-3669
A flaw was found in the Linux kernel. Measuring usage of the shared memory does not scale with large shared memory segment counts which could lead to resource exhaustion and DoS. Se ha encontrado un fallo en el kernel de Linux. La medición del uso de la memoria compartida no escala con grandes recuentos de segmentos de memoria compartida, lo que podría conllevar a el agotamiento de recursos y el DoS. • https://access.redhat.com/security/cve/CVE-2021-3669 https://bugzilla.redhat.com/show_bug.cgi?id=1980619 https://bugzilla.redhat.com/show_bug.cgi?id=1986473 https://security-tracker.debian.org/tracker/CVE-2021-3669 • CWE-400: Uncontrolled Resource Consumption CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2022-22354
https://notcve.org/view.php?id=CVE-2022-22354
IBM Spectrum Protect Plus 10.1.0.0 through 10.1.9.2 and IBM Spectrum Copy Data Management 2.2.0.0 through 2.2.14.3 do not limit the length of a connection which could allow for a Slowloris HTTP denial of service attack to take place. This can cause the Admin Console to become unresponsive. IBM X-Force ID: 220485. IBM Spectrum Protect Plus versiones 10.1.0.0 hasta 10.1.9.2 e IBM Spectrum Copy Data Management versiones 2.2.0.0 hasta 2.2.14.3, no limitan la duración de una conexión, lo que podría permitir un ataque de denegación de servicio HTTP Slowloris. Esto puede causar que la consola de administración deje de responder. • https://exchange.xforce.ibmcloud.com/vulnerabilities/220485 https://www.ibm.com/support/pages/node/6562479 https://www.ibm.com/support/pages/node/6562989 •
CVSS: 9.1EPSS: 0%CPEs: 2EXPL: 0CVE-2021-39063
https://notcve.org/view.php?id=CVE-2021-39063
IBM Spectrum Protect Plus 10.1.0.0 through 10.1.8.x uses Cross-Origin Resource Sharing (CORS) which could allow an attacker to carry out privileged actions and retrieve sensitive information due to a misconfiguration in access control headers. IBM X-Force ID: 214956. IBM Spectrum Protect Plus versiones 10.1.0.0 hasta 10.1.8.x, usa Cross-Origin Resource Sharing (CORS), lo que podría permitir a un atacante llevar a cabo acciones privilegiadas y recuperar información confidencial debido a una configuración errónea en los encabezados de control de acceso. IBM X-Force ID: 214956 • https://exchange.xforce.ibmcloud.com/vulnerabilities/214956 https://www.ibm.com/support/pages/node/6525346 • CWE-346: Origin Validation Error •
CVSS: 8.1EPSS: 0%CPEs: 2EXPL: 0CVE-2021-39057
https://notcve.org/view.php?id=CVE-2021-39057
IBM Spectrum Protect Plus 10.1.0.0 through 10.1.8.x is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 214616. IBM Spectrum Protect Plus versiones 10.1.0.0 hasta 10.1.8.x ,es vulnerable a un ataque de tipo server-side request forgery (SSRF). Esto puede permitir a un atacante autenticado enviar peticiones no autorizadas desde el sistema, conllevando potencialmente a una enumeración de la red o facilitar otros ataques. • https://exchange.xforce.ibmcloud.com/vulnerabilities/214616 https://www.ibm.com/support/pages/node/6525346 • CWE-918: Server-Side Request Forgery (SSRF) •