CVSS: 6.2EPSS: 0%CPEs: 3EXPL: 0CVE-2021-20536
https://notcve.org/view.php?id=CVE-2021-20536
26 Apr 2021 — IBM Spectrum Protect Plus File Systems Agent 10.1.6 and 10.1.7 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 198836. IBM Spectrum Protect Plus File Systems Agent versiones 10.1.6 y 10.1.7, almacena información potencialmente confidencial en archivos de registro que podría ser leído por un usuario local. IBM X-Force ID: 198836 • https://exchange.xforce.ibmcloud.com/vulnerabilities/198836 • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2021-20532
https://notcve.org/view.php?id=CVE-2021-20532
26 Apr 2021 — IBM Spectrum Protect Client 8.1.0.0 through 8.1.11.0 could allow a local user to escalate their privileges to take full control of the system due to insecure directory permissions. IBM X-Force ID: 198811. IBM Spectrum Protect Client versiones 8.1.0.0 hasta 8.1.11.0, podría permitir a un usuario local escalar sus privilegios para tomar el control total del sistema debido a permisos de directorio no seguros. IBM X-Force ID: 198811 • https://exchange.xforce.ibmcloud.com/vulnerabilities/198811 • CWE-276: Incorrect Default Permissions •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2021-20432
https://notcve.org/view.php?id=CVE-2021-20432
26 Apr 2021 — IBM Spectrum Protect Plus 10.1.0 through 10.1.7 uses Cross-Origin Resource Sharing (CORS) which could allow an attacker to carry out privileged actions and retrieve sensitive information as the domain name is not being limited to only trusted domains. IBM X-Force ID: 196344. IBM Spectrum Protect Plus versiones 10.1.0 hasta 10.1.7, utiliza el Cross-Origin Resource Sharing (CORS), que podría permitir a un atacante llevar a cabo acciones privilegiadas y recuperar información confidencial, ya que el nombre de d... • https://exchange.xforce.ibmcloud.com/vulnerabilities/196344 •
CVSS: 4.4EPSS: 0%CPEs: 3EXPL: 0CVE-2021-20491
https://notcve.org/view.php?id=CVE-2021-20491
16 Apr 2021 — IBM Spectrum Protect Server 7.1 and 8.1 is subject to a stack-based buffer overflow caused by improper bounds checking during the parsing of commands. By issuing such a command with an improper parameter, an authorized administrator could overflow a buffer and cause the server to crash. IBM X-Force ID: 197792. IBM Spectrum Protect Server versiones 7.1 y 8.1, está sujeto a un desbordamiento de búfer en la región stack de la memoria causado por una comprobación de límites inapropiada durante el análisis de lo... • https://exchange.xforce.ibmcloud.com/vulnerabilities/197792 • CWE-787: Out-of-bounds Write •
CVSS: 4.8EPSS: 0%CPEs: 2EXPL: 0CVE-2020-4956
https://notcve.org/view.php?id=CVE-2020-4956
15 Feb 2021 — IBM Spectrum Protect Operations Center 7.1 and 8.1 is vulnerable to a denial of service, caused by a RPC that allows certain cache values to be set and dumped to a file. By setting a grossly large cache value and dumping that cached value to a file multiple times, a remote attacker could exploit this vulnerability to cause the consumption of all memory resources. IBM X-Force ID: 192156. IBM Spectrum Protect Operations Center versiones 7.1 y 8.1, es vulnerable a una denegación de servicio, causada por un RPC... • https://exchange.xforce.ibmcloud.com/vulnerabilities/192156 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 8.0EPSS: 1%CPEs: 2EXPL: 0CVE-2020-4955
https://notcve.org/view.php?id=CVE-2020-4955
15 Feb 2021 — IBM Spectrum Protect Operations Center 7.1 and 8.1could allow a remote attacker to execute arbitrary code on the system, caused by improper parameter validation. By creating an unspecified servlet request with specially crafted input parameters, an attacker could exploit this vulnerability to load a malicious .dll with elevated privileges. IBM X-Force ID: 192155. IBM Spectrum Protect Operations Center versiones 7.1 y 8.1, podría permitir a un atacante remoto ejecutar código arbitrario en el sistema, causado... • https://exchange.xforce.ibmcloud.com/vulnerabilities/192155 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 5.4EPSS: 0%CPEs: 2EXPL: 0CVE-2020-4954
https://notcve.org/view.php?id=CVE-2020-4954
15 Feb 2021 — IBM Spectrum Protect Operations Center 7.1 and 8.1 could allow a remote attacker to bypass authentication restrictions, caused by improper session validation . By using the configuration panel to obtain a valid session using an attacker controlled IBM Spectrum Protect server, an attacker could exploit this vulnerability to bypass authentication and gain access to a limited number of debug functions, such as logging levels. IBM X-Force ID: 192153. IBM Spectrum Protect Operations Center versiones 7.1 y 8.1, p... • https://exchange.xforce.ibmcloud.com/vulnerabilities/192153 • CWE-384: Session Fixation •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2020-5023
https://notcve.org/view.php?id=CVE-2020-5023
10 Feb 2021 — IBM Spectrum Protect Plus 10.1.0 through 10.1.7 could allow a remote user to inject arbitrary data iwhich could cause the serivce to crash due to excess resource consumption. IBM X-Force ID: 193659. IBM Spectrum Protect Plus versiones 10.1.0 a 10.1.7, podría permitir que un usuario remoto inyecte datos arbitrarios, lo que podría hacer que el servicio se bloquee debido al consumo excesivo de recursos. IBM X-Force ID: 193659 • https://exchange.xforce.ibmcloud.com/vulnerabilities/193659 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0CVE-2020-5022
https://notcve.org/view.php?id=CVE-2020-5022
08 Jan 2021 — IBM Spectrum Protect Plus 10.1.0 through 10.1.6 may allow unauthenticated and unauthorized access to VDAP proxy which can result in an attacker obtaining information they are not authorized to access. IBM X-Force ID: 193658. IBM Spectrum Protect Plus versiones 10.1.0 hasta 10.1.6, puede permitir un acceso no autenticado y no autorizado al proxy VDAP, lo que puede resultar a un atacante conseguir información a la que no está autorizado a acceder. IBM X-Force ID: 193658 • https://exchange.xforce.ibmcloud.com/vulnerabilities/193658 • CWE-306: Missing Authentication for Critical Function CWE-862: Missing Authorization •
CVSS: 4.4EPSS: 0%CPEs: 2EXPL: 0CVE-2020-5021
https://notcve.org/view.php?id=CVE-2020-5021
08 Jan 2021 — IBM Spectrum Protect Plus 10.1.0 through 10.1.6 does not invalidate session after a password reset which could allow a local user to impersonate another user on the system. IBM X-Force ID: 193657. IBM Spectrum Protect Plus versiones 10.1.0 hasta 10.1.6, no comprueba una sesión después de un restablecimiento de contraseña lo que podría permitir a un usuario local hacerse pasar por otro usuario en el sistema. IBM X-Force ID: 193657 • https://exchange.xforce.ibmcloud.com/vulnerabilities/193657 • CWE-384: Session Fixation •