CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-4208 – IBM Spectrum Protect Plus serveradmin Authentication Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2020-4208
31 Mar 2020 — IBM Spectrum Protect Plus 10.1.0 through 10.1.5 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 174975. IBM Spectrum Protect Plus versiones 10.1.0 hasta 10.1.5, contiene credenciales embebidas, tales como una contraseña o clave criptográfica, que las usa para su propia autenticación entrante, comunicación saliente a componentes externos o ... • https://exchange.xforce.ibmcloud.com/vulnerabilities/174975 • CWE-798: Use of Hard-coded Credentials •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2020-4209 – IBM Spectrum Protect Plus uploadHttpsCertificate Directory Traversal File Creation Vulnerability
https://notcve.org/view.php?id=CVE-2020-4209
31 Mar 2020 — IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to create arbitrary files on the system. IBM X-Force ID: 175019. IBM Spectrum Protect Plus versiones10.1.0 hasta la versión 10.1.5, podría permitir a un atacante remoto saltar directorios del sistema. Un atacante podría enviar una petición URL especialmente diseñada que contenga secuencias "dot dot" (... • https://exchange.xforce.ibmcloud.com/vulnerabilities/175019 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 8.2EPSS: 0%CPEs: 1EXPL: 0CVE-2020-4214 – IBM Spectrum Protect Plus cleanupUpdateImage Arbitrary Directory Deletion Vulnerability
https://notcve.org/view.php?id=CVE-2020-4214
31 Mar 2020 — IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow a remote attacker to arbitrary delete a directory caused by improper validation of user-supplied input. IBM X-Force ID: 175026. IBM Spectrum Protect Plus versiones 10.1.0 hasta 10.1.5, podría permitir a un atacante remoto eliminar arbitrariamente un directorio, causado por una comprobación inapropiada de la entrada suministrada por el usuario. ID de IBM X-Force: 175026. This vulnerability allows remote attackers to delete arbitrary directories on a... • https://exchange.xforce.ibmcloud.com/vulnerabilities/175026 • CWE-20: Improper Input Validation •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2020-4240 – IBM Spectrum Protect Plus plugin Directory Traversal File Creation Vulnerability
https://notcve.org/view.php?id=CVE-2020-4240
31 Mar 2020 — IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request to overwrite or create arbitrary files on the system. IBM X-Force ID: 175417. IBM Spectrum Protect Plus versiones 10.1.0 hasta 10.1.5, podría permitir a un atacante remoto saltar directorios sobre el sistema. Un atacante podría enviar una petición URL especialmente diseñada para sobrescribir o crear archivos arbitrarios sobre el sistema. • https://exchange.xforce.ibmcloud.com/vulnerabilities/175417 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.0EPSS: 11%CPEs: 2EXPL: 0CVE-2020-4241 – IBM Spectrum Protect Plus uploadHttpsCertificate Command Injection Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2020-4241
31 Mar 2020 — IBM Spectrum Scale and IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system. IBM X-Force ID: 175418. IBM Spectrum Scale e IBM Spectrum Protect Plus versiones 10.1.0 hasta 10.1.5, podrían permitir a un atacante autenticado remoto ejecutar comandos arbitrarios sobre el sistema. Mediante el envío de u... • https://exchange.xforce.ibmcloud.com/vulnerabilities/175418 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.0EPSS: 3%CPEs: 2EXPL: 0CVE-2020-4242 – IBM Spectrum Protect Plus uploadLdapCertificate Command Injection Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2020-4242
31 Mar 2020 — IBM Spectrum Scale and IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system. IBM X-Force ID: 175419. IBM Spectrum Scale e IBM Spectrum Protect Plus versiones 10.1.0 hasta 10.1.5, podrían permitir a un atacante autenticado remoto ejecutar comandos arbitrarios sobre el sistema. Mediante el envío de u... • https://exchange.xforce.ibmcloud.com/vulnerabilities/175419 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2019-4703
https://notcve.org/view.php?id=CVE-2019-4703
24 Feb 2020 — IBM Spectrum Protect Plus 10.1.0 and 10.5.0, when protecting Microsoft SQL or Microsoft Exchange, could allow an attacker with intimate knowledge of the system to obtain highly sensitive information. IBM Spectrum Protect Plus versiones 10.1.0 y 10.5.0, cuando protege a Microsoft SQL o Microsoft Exchange, podría permitir a un atacante con un conocimiento intimo del sistema obtener información altamente confidencial. • https://exchange.xforce.ibmcloud.com/vulnerabilities/172013 •
CVSS: 7.1EPSS: 0%CPEs: 2EXPL: 0CVE-2019-4652
https://notcve.org/view.php?id=CVE-2019-4652
12 Nov 2019 — IBM Spectrum Protect Plus 10.1.0 through 10.1.4 uses insecure file permissions on restored files and directories in Windows which could allow a local user to obtain sensitive information or perform unauthorized actions. IBM X-Force ID: 170963. IBM Spectrum Protect Plus versiones 10.1.0 hasta 10.1.4, utiliza permisos de archivos no seguros en archivos y directorios restaurados en Windows, lo que podría permitir a un usuario local obtener información confidencial o realizar acciones no autorizadas. ID de IBM ... • https://exchange.xforce.ibmcloud.com/vulnerabilities/170963 • CWE-276: Incorrect Default Permissions •
CVSS: 7.9EPSS: 0%CPEs: 3EXPL: 0CVE-2019-4383
https://notcve.org/view.php?id=CVE-2019-4383
01 Jul 2019 — When using IBM Spectrum Protect Plus 10.1.0, 10.1.2, and 10.1.3 to protect Oracle or MongoDB databases, a redirected restore operation may result in an escalation of user privileges. IBM X-Force ID: 162165. Cuando se utiliza IBM Spectrum Protect Plus versiones 10.1.0, 10.1.2 y 10.1.3, para proteger las bases de datos Oracle o MongoDB, una operación de restauración redirigida puede resultar en una escalada de privilegios de usuario. ID de IBM X-Force: 162165. • http://www.ibm.com/support/docview.wss?uid=ibm10886111 •
CVSS: 8.2EPSS: 0%CPEs: 3EXPL: 0CVE-2019-4357
https://notcve.org/view.php?id=CVE-2019-4357
01 Jul 2019 — When using IBM Spectrum Protect Plus 10.1.0, 10.1.2, and 10.1.3 to protect Oracle, DB2 or MongoDB databases, a redirected restore operation specifying a target path may allow execution of arbitrary code on the system. IBM X-Force ID: 161667, Cuando se utiliza IBM Spectrum Protect Plus versiones 10.1.0, 10.1.2 y 10.1.3 para proteger las bases de datos Oracle, DB2 o MongoDB, una operación de restauración redirigida que especifique una ruta de destino puede permitir la ejecución de código arbitrario en el sist... • http://www.ibm.com/support/docview.wss?uid=ibm10886111 •