CVSS: 6.1 • EPSS: 0% • CPEs: 2 • EXPL: 0

08 Jan 2021 — IBM Spectrum Protect Plus 10.1.0 through 10.1.6 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 193656. • https://exchange.xforce.ibmcloud.com/vulnerabilities/193656 • CWE-1021: Improper Restriction of Rendered UI Layers or Frames

CVSS: 6.5 • EPSS: 0% • CPEs: 2 • EXPL: 0

08 Jan 2021 — IBM Spectrum Protect Plus 10.1.0 through 10.1.6 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. By sending a specially crafted HTTP request, a remote attacker could exploit this vulnerability to inject an HTTP HOST header, which will allow the attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 193655. • https://exchange.xforce.ibmcloud.com/vulnerabilities/193655 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

CVSS: 7.5 • EPSS: 0% • CPEs: 2 • EXPL: 0

08 Jan 2021 — IBM Spectrum Protect Plus 10.1.0 through 10.1.6 may include sensitive information in its URLs, increasing the risk of such information being captured by an attacker. IBM X-Force ID: 193654. • https://exchange.xforce.ibmcloud.com/vulnerabilities/193654 • CWE-312: Cleartext Storage of Sensitive Information

CVSS: 5.5 • EPSS: 0% • CPEs: 2 • EXPL: 0

08 Jan 2021 — IBM Spectrum Protect Plus 10.1.0 through 10.1.6 may allow a local user to obtain access to information beyond their intended role and permissions. IBM X-Force ID: 193653. • https://exchange.xforce.ibmcloud.com/vulnerabilities/193653

CVSS: 9.8 • EPSS: 0% • CPEs: 2 • EXPL: 1

23 Nov 2020 — IBM Spectrum Protect Plus 10.1.0 through 10.1.6 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 190454. • https://exchange.xforce.ibmcloud.com/vulnerabilities/190454 • CWE-798: Use of Hard-coded Credentials

CVSS: 5.9 • EPSS: 0% • CPEs: 2 • EXPL: 0

23 Nov 2020 — IBM Spectrum Protect Plus 10.1.0 through 10.1.6 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 189214. • https://exchange.xforce.ibmcloud.com/vulnerabilities/189214 • CWE-862: Missing Authorization

CVSS: 5.3 • EPSS: 0% • CPEs: 5 • EXPL: 0

23 Nov 2020 — IBM Spectrum Protect Operations Center 8.1.0.000 through 8.1.10 and 7.1.0.000 through 7.1.11 could allow a remote attacker to obtain sensitive information, caused by improper authentication of a websocket endpoint. By using known tools to subscribe to the websocket event stream, an attacker could exploit this vulnerability to obtain sensitive information. IBM X-Force ID: 188993. • https://exchange.xforce.ibmcloud.com/vulnerabilities/188993 • CWE-287: Improper Authentication

CVSS: 6.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

15 Sep 2020 — IBM Spectrum Protect Plus 10.1.0 through 10.1.6 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 187501. • https://exchange.xforce.ibmcloud.com/vulnerabilities/187501 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSS: 8.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

15 Sep 2020 — IBM Spectrum Protect Plus 10.1.0 through 10.1.6 Administrative Console could allow an authenticated attacker to upload arbitrary files which could execute arbitrary code on the vulnerable server. This vulnerability is due to an incomplete fix for CVE-2020-4470. IBM X-Force ID: 187188. • https://exchange.xforce.ibmcloud.com/vulnerabilities/187188 • CWE-434: Unrestricted Upload of File with Dangerous Type

CVSS: 9.8 • EPSS: 0% • CPEs: 5 • EXPL: 0

02 Sep 2020 — IBM Spectrum Protect Operations Center 7.1.0.000 through 7.1.10 and 8.1.0.000 through 8.1.9 may allow an attacker to execute arbitrary code on the system, caused by improper validation of data prior to export. IBM X-Force ID: 186782. • https://exchange.xforce.ibmcloud.com/vulnerabilities/186782 • CWE-20: Improper Input Validation