CVSS: 7.1EPSS: 0%CPEs: 2EXPL: 0CVE-2019-4140
https://notcve.org/view.php?id=CVE-2019-4140
02 Jul 2019 — IBM Tivoli Storage Manager Server (IBM Spectrum Protect 7.1 and 8.1) could allow a local user to replace existing databases by restoring old data. IBM X-Force ID: 158336. Tivoli Storage Manager Server (IBM Spectrum Protect versiones 7.1 y 8.1) de IBM, podría permitir a un usuario local reemplazar las bases de datos existentes mediante la restauración de datos antiguos. ID de IBM X-Force: 158336. • http://www.ibm.com/support/docview.wss?uid=ibm10883346 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0CVE-2019-4129
https://notcve.org/view.php?id=CVE-2019-4129
02 Jul 2019 — IBM Spectrum Protect Operations Center 7.1 and 8.1 could allow a remote attacker to obtain sensitive information, caused by an error message containing a stack trace. By creating an error with a stack trace, an attacker could exploit this vulnerability to potentially obtain details on the Operations Center architecture. IBM X-Force ID: 158279. Spectrum Protect Operations Center versiones 7.1 y 8.1 de IBM, podría permitir a un atacante remoto conseguir información confidencial, causada por un mensaje de erro... • http://www.ibm.com/support/docview.wss?uid=ibm10883236 • CWE-209: Generation of Error Message Containing Sensitive Information •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2019-4088
https://notcve.org/view.php?id=CVE-2019-4088
02 Jul 2019 — IBM Spectrum Protect Servers 7.1 and 8.1 and Storage Agents could allow a local attacker to gain elevated privileges on the system, caused by loading a specially crafted library loaded by the dsmqsan module. By setting up such a library, a local attacker could exploit this vulnerability to gain root privileges on the vulnerable system. IBM X-Force ID: 157511. Spectrum Protect Servers versiones 7.1 y 8.1 y Storage Agents de IBM, podrían permitir que un atacante local alcance privilegios elevados en el sistem... • http://www.ibm.com/support/docview.wss?uid=ibm10882472 •
CVSS: 10.0EPSS: 8%CPEs: 2EXPL: 0CVE-2019-4087
https://notcve.org/view.php?id=CVE-2019-4087
02 Jul 2019 — IBM Spectrum Protect Servers 7.1 and 8.1 and Storage Agents are vulnerable to a stack-based buffer overflow, caused by improper bounds checking by servers and storage agents in response to specifically crafted communication exchanges. By sending an overly long request, a remote attacker could overflow a buffer and execute arbitrary code on the system with instance id privileges or cause the server or storage agent to crash. IBM X-Force ID: 157510. IBM Spectrum Protect Servers versiones 7.1 y 8.1 y Storage A... • http://www.ibm.com/support/docview.wss?uid=ibm10882472 • CWE-787: Out-of-bounds Write •
CVSS: 7.9EPSS: 0%CPEs: 3EXPL: 0CVE-2019-4383
https://notcve.org/view.php?id=CVE-2019-4383
01 Jul 2019 — When using IBM Spectrum Protect Plus 10.1.0, 10.1.2, and 10.1.3 to protect Oracle or MongoDB databases, a redirected restore operation may result in an escalation of user privileges. IBM X-Force ID: 162165. Cuando se utiliza IBM Spectrum Protect Plus versiones 10.1.0, 10.1.2 y 10.1.3, para proteger las bases de datos Oracle o MongoDB, una operación de restauración redirigida puede resultar en una escalada de privilegios de usuario. ID de IBM X-Force: 162165. • http://www.ibm.com/support/docview.wss?uid=ibm10886111 •
CVSS: 8.2EPSS: 0%CPEs: 3EXPL: 0CVE-2019-4357
https://notcve.org/view.php?id=CVE-2019-4357
01 Jul 2019 — When using IBM Spectrum Protect Plus 10.1.0, 10.1.2, and 10.1.3 to protect Oracle, DB2 or MongoDB databases, a redirected restore operation specifying a target path may allow execution of arbitrary code on the system. IBM X-Force ID: 161667, Cuando se utiliza IBM Spectrum Protect Plus versiones 10.1.0, 10.1.2 y 10.1.3 para proteger las bases de datos Oracle, DB2 o MongoDB, una operación de restauración redirigida que especifique una ruta de destino puede permitir la ejecución de código arbitrario en el sist... • http://www.ibm.com/support/docview.wss?uid=ibm10886111 •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2019-4385
https://notcve.org/view.php?id=CVE-2019-4385
19 Jun 2019 — IBM Spectrum Protect Plus 10.1.2 may display the vSnap CIFS password in the IBM Spectrum Protect Plus Joblog. This can result in an attacker gaining access to sensitive information as well as vSnap. IBM X-Force ID: 162173. IBM Spectrum Protect Plus 10.1.2 puede mostrar la contraseña CIFS de vSnap en el Joblog de IBM Spectrum Protect Plus. Esto puede hacer que un atacante obtenga acceso a información confidencial, así como a vSnap. • http://www.ibm.com/support/docview.wss?uid=ibm10886099 • CWE-522: Insufficiently Protected Credentials •
CVSS: 4.7EPSS: 0%CPEs: 14EXPL: 0CVE-2018-1882
https://notcve.org/view.php?id=CVE-2018-1882
08 Apr 2019 — In a certain atypical IBM Spectrum Protect 7.1 and 8.1 configurations, the node password could be displayed in plain text in the IBM Spectrum Protect client trace file. IBM X-Force ID: 151968. En ciertas configuraciones atípicas de IBM Spectrum Protect versiones 7.1 y 8.1, la contraseña del nodo podría mostrarse en texto plano en el archivo de rastreo del cliente de IBM Spectrum Protect. ID de IBM X-Force: 151968. • http://www.ibm.com/support/docview.wss?uid=ibm10869208 • CWE-312: Cleartext Storage of Sensitive Information •
CVSS: 6.1EPSS: 0%CPEs: 8EXPL: 0CVE-2018-1853
https://notcve.org/view.php?id=CVE-2018-1853
08 Apr 2019 — IBM Tivoli Storage Manager (IBM Spectrum Protect 7.1 and 8.1) could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 151014. IBM Tivoli Storage Manager (IBM Spectrum Protect versiones 7.1 y 8.1), podría permitir a un atacante remoto secuestrar la acción de cliqueo de la víctima... • http://www.ibm.com/support/docview.wss?uid=ibm10870718 • CWE-1021: Improper Restriction of Rendered UI Layers or Frames •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2018-1787
https://notcve.org/view.php?id=CVE-2018-1787
08 Apr 2019 — IBM Spectrum Protect 7.1 and 8.1 is affected by a password exposure vulnerability caused by insecure file permissions. IBM X-Force ID: 148872. IBM Spectrum Protect versiones 7.1 y 8.1, se ve afectado por una vulnerabilidad de exposición de contraseña causada por permisos de archivos no seguros. ID de IBM X-Force: 148872. • http://www.ibm.com/support/docview.wss?uid=ibm10869602 • CWE-732: Incorrect Permission Assignment for Critical Resource •