CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2020-5018
https://notcve.org/view.php?id=CVE-2020-5018
08 Jan 2021 — IBM Spectrum Protect Plus 10.1.0 through 10.1.6 may include sensitive information in its URLs increasing the risk of such information being caputured by an attacker. IBM X-Force ID: 193654. IBM Spectrum Protect Plus versiones 10.1.0 hasta 10.1.6, puede incluir información confidencial en sus URL, incrementando el riesgo de que dicha información sea capturada por un atacante. IBM X-Force ID: 193654 • https://exchange.xforce.ibmcloud.com/vulnerabilities/193654 • CWE-312: Cleartext Storage of Sensitive Information •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 1CVE-2020-4854
https://notcve.org/view.php?id=CVE-2020-4854
23 Nov 2020 — IBM Spectrum Protect Plus 10.1.0 thorugh 10.1.6 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 190454. IBM Spectrum Protect Plus versiones 10.1.0 hasta 10.1.6, contiene credenciales embebidas, como una contraseña o clave criptográfica, que utiliza para su propia autenticación entrante, comunicación saliente a componentes externos o cifrad... • https://exchange.xforce.ibmcloud.com/vulnerabilities/190454 • CWE-798: Use of Hard-coded Credentials •
CVSS: 5.9EPSS: 0%CPEs: 2EXPL: 0CVE-2020-4783
https://notcve.org/view.php?id=CVE-2020-4783
23 Nov 2020 — IBM Spectrum Protect Plus 10.1.0 through 10.1.6 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 189214. IBM Spectrum Protect Plus versiones 10.1.0 hasta 10.1.6, podría permitir a un atacante remoto obtener información confidencial, debido a un fallo al habilitar correctamente HTTP Strict Transp... • https://exchange.xforce.ibmcloud.com/vulnerabilities/189214 • CWE-862: Missing Authorization •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2020-4711
https://notcve.org/view.php?id=CVE-2020-4711
15 Sep 2020 — IBM Spectrum Protect Plus 10.1.0 through 10.1.6 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 187501. IBM Spectrum Protect Plus versiones 10.1.0 hasta 10.1.6, podría permitir a un atacante remoto saltar directorios en el sistema. Un atacante podría enviar una petición de URL especialmente diseñada que contenga secuencias de "dot dot" ... • https://exchange.xforce.ibmcloud.com/vulnerabilities/187501 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 8.0EPSS: 0%CPEs: 1EXPL: 0CVE-2020-4703
https://notcve.org/view.php?id=CVE-2020-4703
15 Sep 2020 — IBM Spectrum Protect Plus 10.1.0 through 10.1.6 Administrative Console could allow an authenticated attacker to upload arbitrary files which could be execute arbitrary code on the vulnerable server. This vulnerability is due to an incomplete fix for CVE-2020-4470. IBM X-Force ID: 187188. IBM Spectrum Protect Plus versiones 10.1.0 hasta 10.1.6, la Consola Administrativa podría permitir a un atacante autenticado cargar archivos arbitrarios que podrían ejecutar código arbitrario en el servidor vulnerable. ... • https://exchange.xforce.ibmcloud.com/vulnerabilities/187188 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2020-4631
https://notcve.org/view.php?id=CVE-2020-4631
04 Aug 2020 — IBM Spectrum Protect Plus 10.1.0 through 10.1.6 agent files, in non-default configurations, on Windows are assigned access to everyone with full control permissions, which could allow a local user to cause interruption of the service operations. IBM X-Force ID: 185372. Los archivos del agente de IBM Spectrum Protect Plus versiones 10.1.0 hasta 10.1.6, en configuraciones no predeterminadas, en Windows se presenta un acceso asignado a todos con permisos de control total, lo que podría permitir a un usuario lo... • https://exchange.xforce.ibmcloud.com/vulnerabilities/185372 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2020-4565
https://notcve.org/view.php?id=CVE-2020-4565
26 Jun 2020 — IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow an attacker to obtain sensitive information due to insecure communications being used between the application and server. IBM X-Force ID: 183935. IBM Spectrum Protect Plus versiones 10.1.0 hasta 10.1.5, podría permitir a un atacante obtener información confidencial debido a comunicaciones no seguras que son usadas entre la aplicación y el servidor. IBM X-Force ID: 183935 • https://exchange.xforce.ibmcloud.com/vulnerabilities/183935 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2020-4477
https://notcve.org/view.php?id=CVE-2020-4477
15 Jun 2020 — IBM Spectrum Protect Plus 10.1.0 through 10.1.5 discloses highly sensitive information in plain text in the virgo log file which could be used in further attacks against the system. IBM X-Force ID: 181779. IBM Spectrum Protect Plus versiones 10.1.0 hasta 10.1.5, divulga información altamente confidencial en texto plano en el archivo de registro virgo que podría ser usado en futuros ataques contra el sistema. IBM X-Force ID: 181779 • https://exchange.xforce.ibmcloud.com/vulnerabilities/181779 • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2020-4471
https://notcve.org/view.php?id=CVE-2020-4471
15 Jun 2020 — IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow an unauthenticated attacker to cause a denial of service or hijack DNS sessions by send a specially crafted HTTP command to the remote server. IBM X-Force ID: 181726. IBM Spectrum Protect Plus versiones 10.1.0 hasta 10.1.5, podría permitir a un atacante no autenticado causar una denegación de servicio o secuestrar sesiones DNS mediante el envío de un comando HTTP especialmente diseñado hacia el servidor remoto. IBM X-Force ID: 181726 • https://exchange.xforce.ibmcloud.com/vulnerabilities/181726 • CWE-306: Missing Authentication for Critical Function •
CVSS: 8.0EPSS: 0%CPEs: 1EXPL: 0CVE-2020-4470
https://notcve.org/view.php?id=CVE-2020-4470
15 Jun 2020 — IBM Spectrum Protect Plus 10.1.0 through 10.1.5 Administrative Console could allow an authenticated attacker to upload arbitrary files which could be execute arbitrary code on the vulnerable server. IBM X-Force ID: 181725. La Consola Administrativa de IBM Spectrum Protect Plus versiones 10.1.0 hasta 10.1.5, podría permitir a un atacante autenticado cargar archivos arbitrarios que podrían estar ejecutando código arbitrario en el servidor vulnerable. IBM X-Force ID: 181724 • https://exchange.xforce.ibmcloud.com/vulnerabilities/181725 • CWE-434: Unrestricted Upload of File with Dangerous Type •