CVSS: 6.2EPSS: 0%CPEs: 3EXPL: 0CVE-2021-20536
https://notcve.org/view.php?id=CVE-2021-20536
IBM Spectrum Protect Plus File Systems Agent 10.1.6 and 10.1.7 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 198836. IBM Spectrum Protect Plus File Systems Agent versiones 10.1.6 y 10.1.7, almacena información potencialmente confidencial en archivos de registro que podría ser leído por un usuario local. IBM X-Force ID: 198836 • https://exchange.xforce.ibmcloud.com/vulnerabilities/198836 https://www.ibm.com/support/pages/node/6445739 • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2021-20532
https://notcve.org/view.php?id=CVE-2021-20532
IBM Spectrum Protect Client 8.1.0.0 through 8.1.11.0 could allow a local user to escalate their privileges to take full control of the system due to insecure directory permissions. IBM X-Force ID: 198811. IBM Spectrum Protect Client versiones 8.1.0.0 hasta 8.1.11.0, podría permitir a un usuario local escalar sus privilegios para tomar el control total del sistema debido a permisos de directorio no seguros. IBM X-Force ID: 198811 • https://exchange.xforce.ibmcloud.com/vulnerabilities/198811 https://www.ibm.com/support/pages/node/6445503 • CWE-276: Incorrect Default Permissions •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2021-20432
https://notcve.org/view.php?id=CVE-2021-20432
IBM Spectrum Protect Plus 10.1.0 through 10.1.7 uses Cross-Origin Resource Sharing (CORS) which could allow an attacker to carry out privileged actions and retrieve sensitive information as the domain name is not being limited to only trusted domains. IBM X-Force ID: 196344. IBM Spectrum Protect Plus versiones 10.1.0 hasta 10.1.7, utiliza el Cross-Origin Resource Sharing (CORS), que podría permitir a un atacante llevar a cabo acciones privilegiadas y recuperar información confidencial, ya que el nombre de dominio no se limita solo a los dominios confiables. IBM X-Force ID: 196344 • https://exchange.xforce.ibmcloud.com/vulnerabilities/196344 https://www.ibm.com/support/pages/node/6445733 •
CVSS: 4.4EPSS: 0%CPEs: 3EXPL: 0CVE-2021-20491
https://notcve.org/view.php?id=CVE-2021-20491
IBM Spectrum Protect Server 7.1 and 8.1 is subject to a stack-based buffer overflow caused by improper bounds checking during the parsing of commands. By issuing such a command with an improper parameter, an authorized administrator could overflow a buffer and cause the server to crash. IBM X-Force ID: 197792. IBM Spectrum Protect Server versiones 7.1 y 8.1, está sujeto a un desbordamiento de búfer en la región stack de la memoria causado por una comprobación de límites inapropiada durante el análisis de los comandos. Al emitir un comando de este tipo con un parámetro inapropiado, un administrador autorizado podría desbordar un búfer y causar que el servidor se bloquee. • https://exchange.xforce.ibmcloud.com/vulnerabilities/197792 https://www.ibm.com/support/pages/node/6442993 • CWE-787: Out-of-bounds Write •
CVSS: 4.8EPSS: 0%CPEs: 2EXPL: 0CVE-2020-4956
https://notcve.org/view.php?id=CVE-2020-4956
IBM Spectrum Protect Operations Center 7.1 and 8.1 is vulnerable to a denial of service, caused by a RPC that allows certain cache values to be set and dumped to a file. By setting a grossly large cache value and dumping that cached value to a file multiple times, a remote attacker could exploit this vulnerability to cause the consumption of all memory resources. IBM X-Force ID: 192156. IBM Spectrum Protect Operations Center versiones 7.1 y 8.1, es vulnerable a una denegación de servicio, causada por un RPC que permite a determinados valores de caché ser ajustada y ser volcada a un archivo. Al ajustar un valor de caché enormemente grande y volcar ese valor en caché en un archivo múltiples veces, un atacante remoto podría explotar esta vulnerabilidad para causar el consumo de todos los recursos de memoria. • https://exchange.xforce.ibmcloud.com/vulnerabilities/192156 https://www.ibm.com/support/pages/node/6404966 • CWE-400: Uncontrolled Resource Consumption •