Page 7 of 99 results (0.005 seconds)

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0

CVE-2020-4216 – IBM Spectrum Protect Plus Hardcoded Username And Password Authentication Bypass Vulnerability

https://notcve.org/view.php?id=CVE-2020-4216

15 Jun 2020 — IBM Spectrum Protect Plus 10.1.0 through 10.1.5 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 175066. IBM Spectrum Protect Plus versiones 10.1.0 hasta 10.1.5, contiene credenciales embebidas, tales como una contraseña o clave criptográfica, que es usada para su propia autenticación entrante, comunicación saliente hacia componentes extern... • https://exchange.xforce.ibmcloud.com/vulnerabilities/175066 • CWE-798: Use of Hard-coded Credentials •

CVSS: 10.0EPSS: 24%CPEs: 2EXPL: 0

CVE-2020-4415

https://notcve.org/view.php?id=CVE-2020-4415

23 Apr 2020 — IBM Spectrum Protect 7.1 and 8.1 server is vulnerable to a stack-based buffer overflow, caused by improper bounds checking. This could allow a remote attacker to execute arbitrary code on the system with the privileges of an administrator or user associated with the Spectrum Protect server or cause the Spectrum Protect server to crash. IBM X-Force ID: 179990. El servidor de IBM Spectrum Protect versiones 7.1 y 8.1, es vulnerable a un desbordamiento del búfer en la región stack de la memoria causado por una ... • https://exchange.xforce.ibmcloud.com/vulnerabilities/179990 • CWE-20: Improper Input Validation CWE-787: Out-of-bounds Write •

CVSS: 9.0EPSS: 5%CPEs: 1EXPL: 0

CVE-2020-4206 – IBM Spectrum Protect Plus timezone Command Injection Remote Code Execution Vulnerability

https://notcve.org/view.php?id=CVE-2020-4206

31 Mar 2020 — IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow a remote attacker to execute arbitrary commands on the system in the context of root user, caused by improper validation of user-supplied input. IBM X-Force ID: 174966. IBM Spectrum Protect Plus versiones 10.1.0 hasta 10.1.5, podría permitir a un atacante remoto ejecutar comandos arbitrarios sobre el sistema en el contexto del usuario root, causado por una comprobación inapropiada de la entrada suministrada por el usuario. ID de IBM X-Force: 174966... • https://exchange.xforce.ibmcloud.com/vulnerabilities/174966 • CWE-20: Improper Input Validation CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0

CVE-2020-4208 – IBM Spectrum Protect Plus serveradmin Authentication Bypass Vulnerability

https://notcve.org/view.php?id=CVE-2020-4208

31 Mar 2020 — IBM Spectrum Protect Plus 10.1.0 through 10.1.5 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 174975. IBM Spectrum Protect Plus versiones 10.1.0 hasta 10.1.5, contiene credenciales embebidas, tales como una contraseña o clave criptográfica, que las usa para su propia autenticación entrante, comunicación saliente a componentes externos o ... • https://exchange.xforce.ibmcloud.com/vulnerabilities/174975 • CWE-798: Use of Hard-coded Credentials •

CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0

CVE-2020-4209 – IBM Spectrum Protect Plus uploadHttpsCertificate Directory Traversal File Creation Vulnerability

https://notcve.org/view.php?id=CVE-2020-4209

31 Mar 2020 — IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to create arbitrary files on the system. IBM X-Force ID: 175019. IBM Spectrum Protect Plus versiones10.1.0 hasta la versión 10.1.5, podría permitir a un atacante remoto saltar directorios del sistema. Un atacante podría enviar una petición URL especialmente diseñada que contenga secuencias "dot dot" (... • https://exchange.xforce.ibmcloud.com/vulnerabilities/175019 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 8.2EPSS: 0%CPEs: 1EXPL: 0

CVE-2020-4214 – IBM Spectrum Protect Plus cleanupUpdateImage Arbitrary Directory Deletion Vulnerability

https://notcve.org/view.php?id=CVE-2020-4214

31 Mar 2020 — IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow a remote attacker to arbitrary delete a directory caused by improper validation of user-supplied input. IBM X-Force ID: 175026. IBM Spectrum Protect Plus versiones 10.1.0 hasta 10.1.5, podría permitir a un atacante remoto eliminar arbitrariamente un directorio, causado por una comprobación inapropiada de la entrada suministrada por el usuario. ID de IBM X-Force: 175026. This vulnerability allows remote attackers to delete arbitrary directories on a... • https://exchange.xforce.ibmcloud.com/vulnerabilities/175026 • CWE-20: Improper Input Validation •

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0

CVE-2020-4240 – IBM Spectrum Protect Plus plugin Directory Traversal File Creation Vulnerability

https://notcve.org/view.php?id=CVE-2020-4240

31 Mar 2020 — IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request to overwrite or create arbitrary files on the system. IBM X-Force ID: 175417. IBM Spectrum Protect Plus versiones 10.1.0 hasta 10.1.5, podría permitir a un atacante remoto saltar directorios sobre el sistema. Un atacante podría enviar una petición URL especialmente diseñada para sobrescribir o crear archivos arbitrarios sobre el sistema. • https://exchange.xforce.ibmcloud.com/vulnerabilities/175417 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 9.0EPSS: 11%CPEs: 2EXPL: 0

CVE-2020-4241 – IBM Spectrum Protect Plus uploadHttpsCertificate Command Injection Remote Code Execution Vulnerability

https://notcve.org/view.php?id=CVE-2020-4241

31 Mar 2020 — IBM Spectrum Scale and IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system. IBM X-Force ID: 175418. IBM Spectrum Scale e IBM Spectrum Protect Plus versiones 10.1.0 hasta 10.1.5, podrían permitir a un atacante autenticado remoto ejecutar comandos arbitrarios sobre el sistema. Mediante el envío de u... • https://exchange.xforce.ibmcloud.com/vulnerabilities/175418 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVSS: 9.0EPSS: 3%CPEs: 2EXPL: 0

CVE-2020-4242 – IBM Spectrum Protect Plus uploadLdapCertificate Command Injection Remote Code Execution Vulnerability

https://notcve.org/view.php?id=CVE-2020-4242

31 Mar 2020 — IBM Spectrum Scale and IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system. IBM X-Force ID: 175419. IBM Spectrum Scale e IBM Spectrum Protect Plus versiones 10.1.0 hasta 10.1.5, podrían permitir a un atacante autenticado remoto ejecutar comandos arbitrarios sobre el sistema. Mediante el envío de u... • https://exchange.xforce.ibmcloud.com/vulnerabilities/175419 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVSS: 10.0EPSS: 53%CPEs: 2EXPL: 0

CVE-2020-4222 – IBM Spectrum Protect Plus password Command Injection Remote Code Execution Vulnerability

https://notcve.org/view.php?id=CVE-2020-4222

24 Feb 2020 — IBM Spectrum Protect Plus 10.1.0 and 10.1.5 could allow a remote attacker to execute arbitrary code on the system. By using a specially crafted HTTP command, an attacker could exploit this vulnerability to execute arbitrary command on the system. IBM X-Force ID: 175091. IBM Spectrum Protect Plus versiones 10.1.0 y 10.1.5, podría permitir a un atacante remoto ejecutar código arbitrario sobre el sistema. Mediante el uso de un comando HTTP especialmente diseñado, un atacante podría explotar esta vulnerabilidad... • https://exchange.xforce.ibmcloud.com/vulnerabilities/175091 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •