CVSS: 7.5 | EPSS: 0% | CPEs: 3 | EXPL: 0

IBM Spectrum Protect Plus 10.1.0.0 through 10.1.9.2 and IBM Spectrum Copy Data Management 2.2.0.0 through 2.2.14.3 do not limit the length of a connection, which could allow for a Slowloris HTTP denial of service attack to take place. This can cause the Admin Console to become unresponsive. IBM X-Force ID: 220485.

• https://exchange.xforce.ibmcloud.com/vulnerabilities/220485
• https://www.ibm.com/support/pages/node/6562479
• https://www.ibm.com/support/pages/node/6562989

CVSS: 9.1 | EPSS: 0% | CPEs: 2 | EXPL: 0

IBM Spectrum Protect Plus 10.1.0.0 through 10.1.8.x uses Cross-Origin Resource Sharing (CORS), which could allow an attacker to carry out privileged actions and retrieve sensitive information due to a misconfiguration in access control headers. IBM X-Force ID: 214956.

• https://exchange.xforce.ibmcloud.com/vulnerabilities/214956
• https://www.ibm.com/support/pages/node/6525346
• CWE-346: Origin Validation Error

CVSS: 8.1 | EPSS: 0% | CPEs: 2 | EXPL: 0

IBM Spectrum Protect Plus 10.1.0.0 through 10.1.8.x is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 214616.

• https://exchange.xforce.ibmcloud.com/vulnerabilities/214616
• https://www.ibm.com/support/pages/node/6525346
• CWE-918: Server-Side Request Forgery (SSRF)

CVSS: 6.2 | EPSS: 0% | CPEs: 15 | EXPL: 0

IBM Spectrum Protect Client 7.1 and 8.1 is vulnerable to a stack-based buffer overflow, caused by improper bounds checking. A local attacker could exploit this vulnerability and cause a denial of service. IBM X-Force ID: 214438.

• https://exchange.xforce.ibmcloud.com/vulnerabilities/214438
• https://security.gentoo.org/glsa/202209-02
• https://www.ibm.com/support/pages/node/6524706
• CWE-787: Out-of-bounds Write

CVSS: 5.5 | EPSS: 0% | CPEs: 1 | EXPL: 0

IBM Spectrum Protect Operations Center 7.1, under special configurations, could allow a local user to obtain highly sensitive information. IBM X-Force ID: 209610.

• https://exchange.xforce.ibmcloud.com/vulnerabilities/209610
• https://www.ibm.com/support/pages/node/6524924
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor