CVSS: 3.3EPSS: 0%CPEs: 4EXPL: 0CVE-2020-4591
https://notcve.org/view.php?id=CVE-2020-4591
28 Aug 2020 — IBM Spectrum Protect Server 8.1.0.000 through 8.1.10.000 could disclose sensitive information in nondefault settings due to occasionally not encrypting the second chunk of an object in an encrypted container pool. IBM X-Force ID: 184746. IBM Spectrum Protect Server versiones 8.1.0.000 hasta 8.1.10.000, podría revelar información confidencial en configuraciones no predeterminadas debido a que ocasionalmente no cifra el segundo fragmento de un objeto en un grupo de contenedores cifrado. IBM X-Force ID: 184746 • https://exchange.xforce.ibmcloud.com/vulnerabilities/184746 • CWE-311: Missing Encryption of Sensitive Data •
CVSS: 7.5EPSS: 0%CPEs: 10EXPL: 0CVE-2020-4559
https://notcve.org/view.php?id=CVE-2020-4559
28 Aug 2020 — IBM Spectrum Protect 7.1 and 8.1 could allow an attacker to cause a denial of service due ti improper validation of user-supplied input. IBM X-Force ID: 183613. IBM Spectrum Protect versiones 7.1 y 8.1, podrían permitir a un atacante causar una denegación de servicio debido a una comprobación inapropiada de la entrada suministrada por el usuario. IBM X-Force ID: 183613 • https://exchange.xforce.ibmcloud.com/vulnerabilities/183613 • CWE-20: Improper Input Validation •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2020-4631
https://notcve.org/view.php?id=CVE-2020-4631
04 Aug 2020 — IBM Spectrum Protect Plus 10.1.0 through 10.1.6 agent files, in non-default configurations, on Windows are assigned access to everyone with full control permissions, which could allow a local user to cause interruption of the service operations. IBM X-Force ID: 185372. Los archivos del agente de IBM Spectrum Protect Plus versiones 10.1.0 hasta 10.1.6, en configuraciones no predeterminadas, en Windows se presenta un acceso asignado a todos con permisos de control total, lo que podría permitir a un usuario lo... • https://exchange.xforce.ibmcloud.com/vulnerabilities/185372 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2020-4565
https://notcve.org/view.php?id=CVE-2020-4565
26 Jun 2020 — IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow an attacker to obtain sensitive information due to insecure communications being used between the application and server. IBM X-Force ID: 183935. IBM Spectrum Protect Plus versiones 10.1.0 hasta 10.1.5, podría permitir a un atacante obtener información confidencial debido a comunicaciones no seguras que son usadas entre la aplicación y el servidor. IBM X-Force ID: 183935 • https://exchange.xforce.ibmcloud.com/vulnerabilities/183935 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 0%CPEs: 9EXPL: 0CVE-2020-4494
https://notcve.org/view.php?id=CVE-2020-4494
15 Jun 2020 — IBM Spectrum Protect Client 8.1.7.0 through 8.1.9.1 (Linux and Windows), 8.1.9.0 trough 8.1.9.1 (AIX) and IBM Spectrum Protect for Space Management 8.1.7.0 through 8.1.9.1 (Linux), 8.1.9.0 through 8.1.9.1 (AIX) web user interfaces could allow an attacker to bypass authentication due to improper session validation which can result in access to unauthorized resources. IBM X-Force ID: 182019. IBM Spectrum Protect Client versiones 8.1.7.0 hasta 8.1.9.1 (Linux y Windows), versiones 8.1.9.0 hasta 8.1.9.1 (AIX) e ... • https://exchange.xforce.ibmcloud.com/vulnerabilities/182019 • CWE-287: Improper Authentication •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2020-4477
https://notcve.org/view.php?id=CVE-2020-4477
15 Jun 2020 — IBM Spectrum Protect Plus 10.1.0 through 10.1.5 discloses highly sensitive information in plain text in the virgo log file which could be used in further attacks against the system. IBM X-Force ID: 181779. IBM Spectrum Protect Plus versiones 10.1.0 hasta 10.1.5, divulga información altamente confidencial en texto plano en el archivo de registro virgo que podría ser usado en futuros ataques contra el sistema. IBM X-Force ID: 181779 • https://exchange.xforce.ibmcloud.com/vulnerabilities/181779 • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2020-4471
https://notcve.org/view.php?id=CVE-2020-4471
15 Jun 2020 — IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow an unauthenticated attacker to cause a denial of service or hijack DNS sessions by send a specially crafted HTTP command to the remote server. IBM X-Force ID: 181726. IBM Spectrum Protect Plus versiones 10.1.0 hasta 10.1.5, podría permitir a un atacante no autenticado causar una denegación de servicio o secuestrar sesiones DNS mediante el envío de un comando HTTP especialmente diseñado hacia el servidor remoto. IBM X-Force ID: 181726 • https://exchange.xforce.ibmcloud.com/vulnerabilities/181726 • CWE-306: Missing Authentication for Critical Function •
CVSS: 8.0EPSS: 0%CPEs: 1EXPL: 0CVE-2020-4470
https://notcve.org/view.php?id=CVE-2020-4470
15 Jun 2020 — IBM Spectrum Protect Plus 10.1.0 through 10.1.5 Administrative Console could allow an authenticated attacker to upload arbitrary files which could be execute arbitrary code on the vulnerable server. IBM X-Force ID: 181725. La Consola Administrativa de IBM Spectrum Protect Plus versiones 10.1.0 hasta 10.1.5, podría permitir a un atacante autenticado cargar archivos arbitrarios que podrían estar ejecutando código arbitrario en el servidor vulnerable. IBM X-Force ID: 181724 • https://exchange.xforce.ibmcloud.com/vulnerabilities/181725 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 10.0EPSS: 46%CPEs: 1EXPL: 0CVE-2020-4469
https://notcve.org/view.php?id=CVE-2020-4469
15 Jun 2020 — IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow a remote attacker to execute arbitrary code on the system. By using a specially crafted HTTP command, an attacker could exploit this vulnerability to execute arbitrary command on the system. This vulnerability is due to an incomplete fix for CVE-2020-4211. IBM X-Force ID: 181724. IBM Spectrum Protect Plus versiones 10.1.0 hasta 10.1.5, podría permitir a un atacante remoto ejecutar código arbitrario en el sistema. • https://exchange.xforce.ibmcloud.com/vulnerabilities/181724 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 5.4EPSS: 0%CPEs: 9EXPL: 0CVE-2020-4406
https://notcve.org/view.php?id=CVE-2020-4406
15 Jun 2020 — IBM Spectrum Protect Client 8.1.7.0 through 8.1.9.1 (Linux and Windows), 8.1.9.0 trough 8.1.9.1 (AIX) and IBM Spectrum Protect for Space Management 8.1.7.0 through 8.1.9.1 (Linux), 8.1.9.0 through 8.1.9.1 (AIX) web user interfaces could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Fo... • https://exchange.xforce.ibmcloud.com/vulnerabilities/179488 • CWE-1021: Improper Restriction of Rendered UI Layers or Frames •