
CVE-2022-22354
https://notcve.org/view.php?id=CVE-2022-22354
14 Mar 2022 — IBM Spectrum Protect Plus 10.1.0.0 through 10.1.9.2 and IBM Spectrum Copy Data Management 2.2.0.0 through 2.2.14.3 do not limit the length of a connection which could allow for a Slowloris HTTP denial of service attack to take place. This can cause the Admin Console to become unresponsive. IBM X-Force ID: 220485. • https://exchange.xforce.ibmcloud.com/vulnerabilities/220485 •

CVE-2021-39063
https://notcve.org/view.php?id=CVE-2021-39063
13 Dec 2021 — IBM Spectrum Protect Plus 10.1.0.0 through 10.1.8.x uses Cross-Origin Resource Sharing (CORS) which could allow an attacker to carry out privileged actions and retrieve sensitive information due to a misconfiguration in access control headers. IBM X-Force ID: 214956. • https://exchange.xforce.ibmcloud.com/vulnerabilities/214956 • CWE-346: Origin Validation Error •

CVE-2021-39057
https://notcve.org/view.php?id=CVE-2021-39057
13 Dec 2021 — IBM Spectrum Protect Plus 10.1.0.0 through 10.1.8.x is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 214616. • https://exchange.xforce.ibmcloud.com/vulnerabilities/214616 • CWE-918: Server-Side Request Forgery (SSRF) •

CVE-2021-39048 – Gentoo Linux Security Advisory 202209-02
https://notcve.org/view.php?id=CVE-2021-39048
13 Dec 2021 — IBM Spectrum Protect Client 7.1 and 8.1 is vulnerable to a stack-based buffer overflow, caused by improper bounds checking. A local attacker could exploit this vulnerability and cause a denial of service. IBM X-Force ID: 214438. • https://exchange.xforce.ibmcloud.com/vulnerabilities/214438 • CWE-787: Out-of-bounds Write •

CVE-2021-38901
https://notcve.org/view.php?id=CVE-2021-38901
13 Dec 2021 — IBM Spectrum Protect Operations Center 7.1, under special configurations, could allow a local user to obtain highly sensitive information. IBM X-Force ID: 209610. • https://exchange.xforce.ibmcloud.com/vulnerabilities/209610 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVE-2020-4496
https://notcve.org/view.php?id=CVE-2020-4496
13 Dec 2021 — The IBM Spectrum Protect Plus 10.1.0.0 through 10.1.8.x server connection to an IBM Spectrum Protect Plus workload agent is subject to a man-in-the-middle attack due to improper certificate validation. IBM X-Force ID: 182046. • https://exchange.xforce.ibmcloud.com/vulnerabilities/182046 • CWE-295: Improper Certificate Validation •

CVE-2021-20490
https://notcve.org/view.php?id=CVE-2021-20490
29 Jun 2021 — IBM Spectrum Protect Plus 10.1.0 through 10.1.8 could allow a local user to cause a denial of service due to insecure file permission settings. IBM X-Force ID: 197791. • https://exchange.xforce.ibmcloud.com/vulnerabilities/197791 • CWE-276: Incorrect Default Permissions •

CVE-2021-29694
https://notcve.org/view.php?id=CVE-2021-29694
26 Apr 2021 — IBM Spectrum Protect Plus 10.1.0 through 10.1.7 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 200258. • https://exchange.xforce.ibmcloud.com/vulnerabilities/200258 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •

CVE-2021-29672 – Gentoo Linux Security Advisory 202209-02
https://notcve.org/view.php?id=CVE-2021-29672
26 Apr 2021 — IBM Spectrum Protect Client 8.1.0.0-8 through 1.11.0 is vulnerable to a stack-based buffer overflow, caused by improper bounds checking when processing the current locale settings. A local attacker could overflow a buffer and execute arbitrary code on the system with elevated privileges or cause the application to crash. IBM X-Force ID: 199479. • https://exchange.xforce.ibmcloud.com/vulnerabilities/199479 • CWE-787: Out-of-bounds Write •

CVE-2021-20546
https://notcve.org/view.php?id=CVE-2021-20546
26 Apr 2021 — IBM Spectrum Protect Client 8.1.0.0 through 8.1.11.0 is vulnerable to a stack-based buffer overflow, caused by improper bounds checking. A local attacker could overflow a buffer and cause the application to crash. IBM X-Force ID: 198934. • https://exchange.xforce.ibmcloud.com/vulnerabilities/198934 • CWE-787: Out-of-bounds Write •