CVSS: 10.0EPSS: 53%CPEs: 2EXPL: 0CVE-2020-4213 – IBM Spectrum Protect Plus username Command Injection Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2020-4213
24 Feb 2020 — IBM Spectrum Protect Plus 10.1.0 and 10.1.5 could allow a remote attacker to execute arbitrary code on the system. By using a specially crafted HTTP command, an attacker could exploit this vulnerability to execute arbitrary command on the system. IBM X-Force ID: 175024. IBM Spectrum Protect Plus versiones 10.1.0 y 10.1.5, podría permitir a un atacante remoto ejecutar código arbitrario sobre el sistema. Mediante el uso de un comando HTTP especialmente diseñado, un atacante podría explotar esta vulnerabilidad... • https://exchange.xforce.ibmcloud.com/vulnerabilities/175024 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 10.0EPSS: 34%CPEs: 3EXPL: 0CVE-2020-4212 – IBM Spectrum Protect Plus hfpackage Command Injection Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2020-4212
24 Feb 2020 — IBM Spectrum Protect Plus 10.1.0 and 10.1.5 could allow a remote attacker to execute arbitrary code on the system. By using a specially crafted HTTP command, an attacker could exploit this vulnerability to execute arbitrary command on the system. IBM X-Force ID: 175023. IBM Spectrum Protect Plus versiones 10.1.0 y 10.1.5, podría permitir a un atacante remoto ejecutar código arbitrario sobre el sistema. Mediante el uso de un comando HTTP especialmente diseñado, un atacante podría explotar esta vulnerabilidad... • https://exchange.xforce.ibmcloud.com/vulnerabilities/175023 • CWE-20: Improper Input Validation •
CVSS: 10.0EPSS: 48%CPEs: 3EXPL: 0CVE-2020-4211 – IBM Spectrum Protect Plus hostname Command Injection Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2020-4211
24 Feb 2020 — IBM Spectrum Protect Plus 10.1.0 and 10.1.5 could allow a remote attacker to execute arbitrary code on the system. By using a specially crafted HTTP command, an attacker could exploit this vulnerability to execute arbitrary command on the system. IBM X-Force ID: 175022. IBM Spectrum Protect Plus versiones 10.1.0 y 10.1.5, podría permitir a un atacante remoto ejecutar código arbitrario sobre el sistema. Mediante el uso de un comando HTTP especialmente diseñado, un atacante podría explotar esta vulnerabilidad... • https://exchange.xforce.ibmcloud.com/vulnerabilities/175022 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 10.0EPSS: 53%CPEs: 3EXPL: 0CVE-2020-4210 – IBM Spectrum Protect Plus changeAdministratorPassword Command Injection Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2020-4210
24 Feb 2020 — IBM Spectrum Protect Plus 10.1.0 and 10.1.5 could allow a remote attacker to execute arbitrary code on the system. By using a specially crafted HTTP command, an attacker could exploit this vulnerability to execute arbitrary command on the system. IBM X-Force ID: 175020. IBM Spectrum Protect Plus versiones 10.1.0 y 10.1.5, podría permitir a un atacante remoto ejecutar código arbitrario sobre el sistema. Mediante el uso de un comando HTTP especialmente diseñado, un atacante podría explotar esta vulnerabilidad... • https://exchange.xforce.ibmcloud.com/vulnerabilities/175020 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2019-4703
https://notcve.org/view.php?id=CVE-2019-4703
24 Feb 2020 — IBM Spectrum Protect Plus 10.1.0 and 10.5.0, when protecting Microsoft SQL or Microsoft Exchange, could allow an attacker with intimate knowledge of the system to obtain highly sensitive information. IBM Spectrum Protect Plus versiones 10.1.0 y 10.5.0, cuando protege a Microsoft SQL o Microsoft Exchange, podría permitir a un atacante con un conocimiento intimo del sistema obtener información altamente confidencial. • https://exchange.xforce.ibmcloud.com/vulnerabilities/172013 •
CVSS: 4.4EPSS: 0%CPEs: 2EXPL: 0CVE-2019-4406
https://notcve.org/view.php?id=CVE-2019-4406
25 Nov 2019 — IBM Spectrum Protect Backup-Archive Client 7.1 and 8.1 may be vulnerable to a denial of service attack due to a timing issue between client and server TCP/IP communications. IBM X-Force ID: 162477. IBM Spectrum Protect Backup-Archive Client versiones 7.1 y 8.1, pueden ser vulnerables a un ataque de denegación de servicio debido a un problema de sincronización entre las comunicaciones TCP/IP del cliente y el servidor. ID de IBM X-Force: 162477. • https://exchange.xforce.ibmcloud.com/vulnerabilities/162477 •
CVSS: 5.1EPSS: 0%CPEs: 6EXPL: 0CVE-2018-2025
https://notcve.org/view.php?id=CVE-2018-2025
25 Nov 2019 — IBM Spectrum Protect Backup-Archive Client and IBM Spectrum Protect for Virtual Environments 7.1 and 8.1 creates directories/files in the CIT sub directory that are read/writable by everyone. IBM X-Force ID: 155551. IBM Spectrum Protect Backup-Archive Client e IBM Spectrum Protect for Virtual Environments versiones 7.1 y 8.1, crean directorios y archivos en el subdirectorio CIT que pueden ser leído y escrito por todos. ID de IBM X-Force: 155551. • https://exchange.xforce.ibmcloud.com/vulnerabilities/155551 • CWE-276: Incorrect Default Permissions •
CVSS: 7.1EPSS: 0%CPEs: 2EXPL: 0CVE-2019-4652
https://notcve.org/view.php?id=CVE-2019-4652
12 Nov 2019 — IBM Spectrum Protect Plus 10.1.0 through 10.1.4 uses insecure file permissions on restored files and directories in Windows which could allow a local user to obtain sensitive information or perform unauthorized actions. IBM X-Force ID: 170963. IBM Spectrum Protect Plus versiones 10.1.0 hasta 10.1.4, utiliza permisos de archivos no seguros en archivos y directorios restaurados en Windows, lo que podría permitir a un usuario local obtener información confidencial o realizar acciones no autorizadas. ID de IBM ... • https://exchange.xforce.ibmcloud.com/vulnerabilities/170963 • CWE-276: Incorrect Default Permissions •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2019-4267
https://notcve.org/view.php?id=CVE-2019-4267
22 Jul 2019 — The IBM Spectrum Protect 7.1 and 8.1 Backup-Archive Client is vulnerable to a buffer overflow. This could allow execution of arbitrary code on the local system or the application to crash. IBM X-Force ID: 160200. El cliente Backup-Archive en IBM Spectrum Protect versión 7.1 y 8.1 es vulnerable a un desbordamiento de búfer. Esto podría permitir la ejecución de código arbitrario en el sistema local o el cierre inesperado de la aplicación. • http://www.ibm.com/support/docview.wss?uid=ibm10884768 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.1EPSS: 0%CPEs: 2EXPL: 0CVE-2019-4236
https://notcve.org/view.php?id=CVE-2019-4236
22 Jul 2019 — A IBM Spectrum Protect 7.l client backup or archive operation running for an HP-UX VxFS object is silently skipping Access Control List (ACL) entries from backup or archive if there are more than twelve ACL entries associated with the object in total. As a result, it could allow a local attacker to restore or retrieve the object with incorrect ACL entries. IBM X-Force ID: 159418. Una operación de copia de seguridad o archivado del cliente Spectrum Protect de IBM versión 7.l que es ejecutado para un objeto H... • https://exchange.xforce.ibmcloud.com/vulnerabilities/159418 • CWE-19: Data Processing Errors •