CVSS: 5.1EPSS: 0%CPEs: 6EXPL: 0CVE-2018-2025
https://notcve.org/view.php?id=CVE-2018-2025
25 Nov 2019 — IBM Spectrum Protect Backup-Archive Client and IBM Spectrum Protect for Virtual Environments 7.1 and 8.1 creates directories/files in the CIT sub directory that are read/writable by everyone. IBM X-Force ID: 155551. IBM Spectrum Protect Backup-Archive Client e IBM Spectrum Protect for Virtual Environments versiones 7.1 y 8.1, crean directorios y archivos en el subdirectorio CIT que pueden ser leído y escrito por todos. ID de IBM X-Force: 155551. • https://exchange.xforce.ibmcloud.com/vulnerabilities/155551 • CWE-276: Incorrect Default Permissions •
CVSS: 4.7EPSS: 0%CPEs: 14EXPL: 0CVE-2018-1882
https://notcve.org/view.php?id=CVE-2018-1882
08 Apr 2019 — In a certain atypical IBM Spectrum Protect 7.1 and 8.1 configurations, the node password could be displayed in plain text in the IBM Spectrum Protect client trace file. IBM X-Force ID: 151968. En ciertas configuraciones atípicas de IBM Spectrum Protect versiones 7.1 y 8.1, la contraseña del nodo podría mostrarse en texto plano en el archivo de rastreo del cliente de IBM Spectrum Protect. ID de IBM X-Force: 151968. • http://www.ibm.com/support/docview.wss?uid=ibm10869208 • CWE-312: Cleartext Storage of Sensitive Information •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2018-1787
https://notcve.org/view.php?id=CVE-2018-1787
08 Apr 2019 — IBM Spectrum Protect 7.1 and 8.1 is affected by a password exposure vulnerability caused by insecure file permissions. IBM X-Force ID: 148872. IBM Spectrum Protect versiones 7.1 y 8.1, se ve afectado por una vulnerabilidad de exposición de contraseña causada por permisos de archivos no seguros. ID de IBM X-Force: 148872. • http://www.ibm.com/support/docview.wss?uid=ibm10869602 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 7.5EPSS: 0%CPEs: 8EXPL: 0CVE-2018-1785
https://notcve.org/view.php?id=CVE-2018-1785
26 Sep 2018 — IBM Tivoli Storage Manager (IBM Spectrum Protect 7.1 and 8.1) uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt sensitive information. IBM X-Force ID: 148870. IBM Tivoli Storage Manager (IBM Spectrum Protect 7.1 y 8.1) emplea algoritmos criptográficos más débiles de lo esperado que podrían permitir que un atacante descifre información sensible. IBM X-Force ID: 148870. • http://www.ibm.com/support/docview.wss?uid=ibm10729873 • CWE-326: Inadequate Encryption Strength •
CVSS: 7.5EPSS: 0%CPEs: 8EXPL: 0CVE-2018-1545
https://notcve.org/view.php?id=CVE-2018-1545
26 Sep 2018 — IBM Tivoli Storage Manager (IBM Spectrum Protect 7.1 and 8.1) uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 142649. IBM Tivoli Storage Manager (IBM Spectrum Protect 7.1 y 8.1) emplea algoritmos criptográficos más débiles de lo esperado que podrían permitir que un atacante descifre información altamente sensible. IBM X-Force ID: 142649. • http://www.ibm.com/support/docview.wss?uid=ibm10718013 • CWE-326: Inadequate Encryption Strength •
CVSS: 8.1EPSS: 0%CPEs: 5EXPL: 0CVE-2018-1447
https://notcve.org/view.php?id=CVE-2018-1447
04 Apr 2018 — The GSKit (IBM Spectrum Protect 7.1 and 7.2) and (IBM Spectrum Protect Snapshot 4.1.3, 4.1.4, and 4.1.6) CMS KDB logic fails to salt the hash function resulting in weaker than expected protection of passwords. A weak password may be recovered. Note: After update the customer should change password to ensure the new password is stored more securely. Products should encourage customers to take this step as a high priority action. IBM X-Force ID: 139972. • http://www.ibm.com/support/docview.wss?uid=swg22014669 • CWE-916: Use of Password Hash With Insufficient Computational Effort •