CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2020-4240 – IBM Spectrum Protect Plus plugin Directory Traversal File Creation Vulnerability
https://notcve.org/view.php?id=CVE-2020-4240
IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request to overwrite or create arbitrary files on the system. IBM X-Force ID: 175417. IBM Spectrum Protect Plus versiones 10.1.0 hasta 10.1.5, podría permitir a un atacante remoto saltar directorios sobre el sistema. Un atacante podría enviar una petición URL especialmente diseñada para sobrescribir o crear archivos arbitrarios sobre el sistema. • https://exchange.xforce.ibmcloud.com/vulnerabilities/175417 https://www.ibm.com/support/pages/node/6116488 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.0EPSS: 10%CPEs: 2EXPL: 0CVE-2020-4241 – IBM Spectrum Protect Plus uploadHttpsCertificate Command Injection Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2020-4241
IBM Spectrum Scale and IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system. IBM X-Force ID: 175418. IBM Spectrum Scale e IBM Spectrum Protect Plus versiones 10.1.0 hasta 10.1.5, podrían permitir a un atacante autenticado remoto ejecutar comandos arbitrarios sobre el sistema. Mediante el envío de una petición especialmente diseñada, un atacante podría explotar esta vulnerabilidad para ejecutar comandos arbitrarios sobre el sistema. • https://exchange.xforce.ibmcloud.com/vulnerabilities/175418 https://www.ibm.com/support/pages/node/6114130 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.0EPSS: 10%CPEs: 2EXPL: 0CVE-2020-4242 – IBM Spectrum Protect Plus uploadLdapCertificate Command Injection Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2020-4242
IBM Spectrum Scale and IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system. IBM X-Force ID: 175419. IBM Spectrum Scale e IBM Spectrum Protect Plus versiones 10.1.0 hasta 10.1.5, podrían permitir a un atacante autenticado remoto ejecutar comandos arbitrarios sobre el sistema. Mediante el envío de una petición especialmente diseñada, un atacante podría explotar esta vulnerabilidad para ejecutar comandos arbitrarios sobre el sistema. • https://exchange.xforce.ibmcloud.com/vulnerabilities/175419 https://www.ibm.com/support/pages/node/6114130 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2019-4703
https://notcve.org/view.php?id=CVE-2019-4703
IBM Spectrum Protect Plus 10.1.0 and 10.5.0, when protecting Microsoft SQL or Microsoft Exchange, could allow an attacker with intimate knowledge of the system to obtain highly sensitive information. IBM Spectrum Protect Plus versiones 10.1.0 y 10.5.0, cuando protege a Microsoft SQL o Microsoft Exchange, podría permitir a un atacante con un conocimiento intimo del sistema obtener información altamente confidencial. • https://exchange.xforce.ibmcloud.com/vulnerabilities/172013 https://www.ibm.com/support/pages/node/3177915 •
CVSS: 7.1EPSS: 0%CPEs: 2EXPL: 0CVE-2019-4652
https://notcve.org/view.php?id=CVE-2019-4652
IBM Spectrum Protect Plus 10.1.0 through 10.1.4 uses insecure file permissions on restored files and directories in Windows which could allow a local user to obtain sensitive information or perform unauthorized actions. IBM X-Force ID: 170963. IBM Spectrum Protect Plus versiones 10.1.0 hasta 10.1.4, utiliza permisos de archivos no seguros en archivos y directorios restaurados en Windows, lo que podría permitir a un usuario local obtener información confidencial o realizar acciones no autorizadas. ID de IBM X-Force: 170963. • https://exchange.xforce.ibmcloud.com/vulnerabilities/170963 https://www.ibm.com/support/pages/node/1105683 • CWE-276: Incorrect Default Permissions •