CVE-2020-5018
https://notcve.org/view.php?id=CVE-2020-5018
IBM Spectrum Protect Plus 10.1.0 through 10.1.6 may include sensitive information in its URLs increasing the risk of such information being caputured by an attacker. IBM X-Force ID: 193654. IBM Spectrum Protect Plus versiones 10.1.0 hasta 10.1.6, puede incluir información confidencial en sus URL, incrementando el riesgo de que dicha información sea capturada por un atacante. IBM X-Force ID: 193654 • https://exchange.xforce.ibmcloud.com/vulnerabilities/193654 https://www.ibm.com/support/pages/node/6398754 • CWE-312: Cleartext Storage of Sensitive Information •
CVE-2020-4854
https://notcve.org/view.php?id=CVE-2020-4854
IBM Spectrum Protect Plus 10.1.0 thorugh 10.1.6 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 190454. IBM Spectrum Protect Plus versiones 10.1.0 hasta 10.1.6, contiene credenciales embebidas, como una contraseña o clave criptográfica, que utiliza para su propia autenticación entrante, comunicación saliente a componentes externos o cifrado de datos internos. IBM X-Force ID: 190454 • https://exchange.xforce.ibmcloud.com/vulnerabilities/190454 https://www.ibm.com/support/pages/node/6367823 https://www.tenable.com/security/research/tra-2020-66 • CWE-798: Use of Hard-coded Credentials •
CVE-2020-4783
https://notcve.org/view.php?id=CVE-2020-4783
IBM Spectrum Protect Plus 10.1.0 through 10.1.6 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 189214. IBM Spectrum Protect Plus versiones 10.1.0 hasta 10.1.6, podría permitir a un atacante remoto obtener información confidencial, debido a un fallo al habilitar correctamente HTTP Strict Transport Security. Un atacante podría aprovechar esta vulnerabilidad para obtener información confidencial usando técnicas de tipo man in the middle. • https://exchange.xforce.ibmcloud.com/vulnerabilities/189214 https://www.ibm.com/support/pages/node/6368601 • CWE-862: Missing Authorization •
CVE-2020-4711
https://notcve.org/view.php?id=CVE-2020-4711
IBM Spectrum Protect Plus 10.1.0 through 10.1.6 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 187501. IBM Spectrum Protect Plus versiones 10.1.0 hasta 10.1.6, podría permitir a un atacante remoto saltar directorios en el sistema. Un atacante podría enviar una petición de URL especialmente diseñada que contenga secuencias de "dot dot" (/../) para visualizar archivos arbitrarios en el sistema. • https://exchange.xforce.ibmcloud.com/vulnerabilities/187501 https://www.ibm.com/support/pages/node/6328867 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2020-4703
https://notcve.org/view.php?id=CVE-2020-4703
IBM Spectrum Protect Plus 10.1.0 through 10.1.6 Administrative Console could allow an authenticated attacker to upload arbitrary files which could be execute arbitrary code on the vulnerable server. This vulnerability is due to an incomplete fix for CVE-2020-4470. IBM X-Force ID: 187188. IBM Spectrum Protect Plus versiones 10.1.0 hasta 10.1.6, la Consola Administrativa podría permitir a un atacante autenticado cargar archivos arbitrarios que podrían ejecutar código arbitrario en el servidor vulnerable. Esta vulnerabilidad es debido a una corrección incompleta para CVE-2020-4470. • https://exchange.xforce.ibmcloud.com/vulnerabilities/187188 https://www.ibm.com/support/pages/node/6328867 • CWE-434: Unrestricted Upload of File with Dangerous Type •