CVSS: 9.0EPSS: 27%CPEs: 1EXPL: 0CVE-2020-4206 – IBM Spectrum Protect Plus timezone Command Injection Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2020-4206
IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow a remote attacker to execute arbitrary commands on the system in the context of root user, caused by improper validation of user-supplied input. IBM X-Force ID: 174966. IBM Spectrum Protect Plus versiones 10.1.0 hasta 10.1.5, podría permitir a un atacante remoto ejecutar comandos arbitrarios sobre el sistema en el contexto del usuario root, causado por una comprobación inapropiada de la entrada suministrada por el usuario. ID de IBM X-Force: 174966. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IBM Spectrum Protect Plus. • https://exchange.xforce.ibmcloud.com/vulnerabilities/174966 https://www.ibm.com/support/pages/node/6114130 • CWE-20: Improper Input Validation CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 8.2EPSS: 0%CPEs: 1EXPL: 0CVE-2020-4214 – IBM Spectrum Protect Plus cleanupUpdateImage Arbitrary Directory Deletion Vulnerability
https://notcve.org/view.php?id=CVE-2020-4214
IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow a remote attacker to arbitrary delete a directory caused by improper validation of user-supplied input. IBM X-Force ID: 175026. IBM Spectrum Protect Plus versiones 10.1.0 hasta 10.1.5, podría permitir a un atacante remoto eliminar arbitrariamente un directorio, causado por una comprobación inapropiada de la entrada suministrada por el usuario. ID de IBM X-Force: 175026. This vulnerability allows remote attackers to delete arbitrary directories on affected installations of IBM Spectrum Protect Plus. • https://exchange.xforce.ibmcloud.com/vulnerabilities/175026 https://www.ibm.com/support/pages/node/6114130 • CWE-20: Improper Input Validation •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-4208 – IBM Spectrum Protect Plus serveradmin Authentication Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2020-4208
IBM Spectrum Protect Plus 10.1.0 through 10.1.5 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 174975. IBM Spectrum Protect Plus versiones 10.1.0 hasta 10.1.5, contiene credenciales embebidas, tales como una contraseña o clave criptográfica, que las usa para su propia autenticación entrante, comunicación saliente a componentes externos o cifrado de datos internos. ID de IBM X-Force: 174975. This vulnerability allows remote attackers to bypass authentication on affected installations of IBM Spectrum Protect Plus. • https://exchange.xforce.ibmcloud.com/vulnerabilities/174975 https://www.ibm.com/support/pages/node/6114130 • CWE-798: Use of Hard-coded Credentials •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2019-4703
https://notcve.org/view.php?id=CVE-2019-4703
IBM Spectrum Protect Plus 10.1.0 and 10.5.0, when protecting Microsoft SQL or Microsoft Exchange, could allow an attacker with intimate knowledge of the system to obtain highly sensitive information. IBM Spectrum Protect Plus versiones 10.1.0 y 10.5.0, cuando protege a Microsoft SQL o Microsoft Exchange, podría permitir a un atacante con un conocimiento intimo del sistema obtener información altamente confidencial. • https://exchange.xforce.ibmcloud.com/vulnerabilities/172013 https://www.ibm.com/support/pages/node/3177915 •
CVSS: 7.1EPSS: 0%CPEs: 2EXPL: 0CVE-2019-4652
https://notcve.org/view.php?id=CVE-2019-4652
IBM Spectrum Protect Plus 10.1.0 through 10.1.4 uses insecure file permissions on restored files and directories in Windows which could allow a local user to obtain sensitive information or perform unauthorized actions. IBM X-Force ID: 170963. IBM Spectrum Protect Plus versiones 10.1.0 hasta 10.1.4, utiliza permisos de archivos no seguros en archivos y directorios restaurados en Windows, lo que podría permitir a un usuario local obtener información confidencial o realizar acciones no autorizadas. ID de IBM X-Force: 170963. • https://exchange.xforce.ibmcloud.com/vulnerabilities/170963 https://www.ibm.com/support/pages/node/1105683 • CWE-276: Incorrect Default Permissions •