CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2021-38901
https://notcve.org/view.php?id=CVE-2021-38901
13 Dec 2021 — IBM Spectrum Protect Operations Center 7.1, under special configurations, could allow a local user to obtain highly sensitive information. IBM X-Force ID: 209610. IBM Spectrum Protect Operations Center versión 7.1, bajo configuraciones especiales, podría permitir a un usuario local obtener información altamente confidencial. IBM X-Force ID: 209610 • https://exchange.xforce.ibmcloud.com/vulnerabilities/209610 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.8EPSS: 0%CPEs: 2EXPL: 0CVE-2020-4956
https://notcve.org/view.php?id=CVE-2020-4956
15 Feb 2021 — IBM Spectrum Protect Operations Center 7.1 and 8.1 is vulnerable to a denial of service, caused by a RPC that allows certain cache values to be set and dumped to a file. By setting a grossly large cache value and dumping that cached value to a file multiple times, a remote attacker could exploit this vulnerability to cause the consumption of all memory resources. IBM X-Force ID: 192156. IBM Spectrum Protect Operations Center versiones 7.1 y 8.1, es vulnerable a una denegación de servicio, causada por un RPC... • https://exchange.xforce.ibmcloud.com/vulnerabilities/192156 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 8.0EPSS: 1%CPEs: 2EXPL: 0CVE-2020-4955
https://notcve.org/view.php?id=CVE-2020-4955
15 Feb 2021 — IBM Spectrum Protect Operations Center 7.1 and 8.1could allow a remote attacker to execute arbitrary code on the system, caused by improper parameter validation. By creating an unspecified servlet request with specially crafted input parameters, an attacker could exploit this vulnerability to load a malicious .dll with elevated privileges. IBM X-Force ID: 192155. IBM Spectrum Protect Operations Center versiones 7.1 y 8.1, podría permitir a un atacante remoto ejecutar código arbitrario en el sistema, causado... • https://exchange.xforce.ibmcloud.com/vulnerabilities/192155 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 5.4EPSS: 0%CPEs: 2EXPL: 0CVE-2020-4954
https://notcve.org/view.php?id=CVE-2020-4954
15 Feb 2021 — IBM Spectrum Protect Operations Center 7.1 and 8.1 could allow a remote attacker to bypass authentication restrictions, caused by improper session validation . By using the configuration panel to obtain a valid session using an attacker controlled IBM Spectrum Protect server, an attacker could exploit this vulnerability to bypass authentication and gain access to a limited number of debug functions, such as logging levels. IBM X-Force ID: 192153. IBM Spectrum Protect Operations Center versiones 7.1 y 8.1, p... • https://exchange.xforce.ibmcloud.com/vulnerabilities/192153 • CWE-384: Session Fixation •
CVSS: 5.3EPSS: 0%CPEs: 5EXPL: 0CVE-2020-4771
https://notcve.org/view.php?id=CVE-2020-4771
23 Nov 2020 — IBM Spectrum Protect Operations Center 8.1.0.000 through 8.1.10.and 7.1.0.000 through 7.1.11 could allow a remote attacker to obtain sensitive information, caused by improper authentication of a websocket endpoint. By using known tools to subscribe to the websocket event stream, an attacker could exploit this vulnerability to obtain sensitive information. IBM X-Force ID: 188993. IBM Spectrum Protect Operations Center versiones 8.1.0.000 hasta 8.1.10. Y versiones 7.1.0.000 hasta 7.1.11, podría permitir a un ... • https://exchange.xforce.ibmcloud.com/vulnerabilities/188993 • CWE-287: Improper Authentication •
CVSS: 9.8EPSS: 0%CPEs: 5EXPL: 0CVE-2020-4693
https://notcve.org/view.php?id=CVE-2020-4693
02 Sep 2020 — IBM Spectrum Protect Operations Center 7.1.0.000 through 7.1.10 and 8.1.0.000 through 8.1.9 may allow an attacker to execute arbitrary code on the system, caused by improper validation of data prior to export. IBM X-Force ID: 186782. IBM Spectrum Protect Operations Center versiones 7.1.0.000 hasta 7.1.10 y versiones 8.1.0.000 hasta 8.1.9, puede permitir a un atacante ejecutar código arbitrario en el sistema, causado por una comprobación inapropiada de los datos antes de la exportación. IBM X-Force ID: 18678... • https://exchange.xforce.ibmcloud.com/vulnerabilities/186782 • CWE-20: Improper Input Validation •
CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0CVE-2019-4129
https://notcve.org/view.php?id=CVE-2019-4129
02 Jul 2019 — IBM Spectrum Protect Operations Center 7.1 and 8.1 could allow a remote attacker to obtain sensitive information, caused by an error message containing a stack trace. By creating an error with a stack trace, an attacker could exploit this vulnerability to potentially obtain details on the Operations Center architecture. IBM X-Force ID: 158279. Spectrum Protect Operations Center versiones 7.1 y 8.1 de IBM, podría permitir a un atacante remoto conseguir información confidencial, causada por un mensaje de erro... • http://www.ibm.com/support/docview.wss?uid=ibm10883236 • CWE-209: Generation of Error Message Containing Sensitive Information •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2019-4088
https://notcve.org/view.php?id=CVE-2019-4088
02 Jul 2019 — IBM Spectrum Protect Servers 7.1 and 8.1 and Storage Agents could allow a local attacker to gain elevated privileges on the system, caused by loading a specially crafted library loaded by the dsmqsan module. By setting up such a library, a local attacker could exploit this vulnerability to gain root privileges on the vulnerable system. IBM X-Force ID: 157511. Spectrum Protect Servers versiones 7.1 y 8.1 y Storage Agents de IBM, podrían permitir que un atacante local alcance privilegios elevados en el sistem... • http://www.ibm.com/support/docview.wss?uid=ibm10882472 •
CVSS: 10.0EPSS: 8%CPEs: 2EXPL: 0CVE-2019-4087
https://notcve.org/view.php?id=CVE-2019-4087
02 Jul 2019 — IBM Spectrum Protect Servers 7.1 and 8.1 and Storage Agents are vulnerable to a stack-based buffer overflow, caused by improper bounds checking by servers and storage agents in response to specifically crafted communication exchanges. By sending an overly long request, a remote attacker could overflow a buffer and execute arbitrary code on the system with instance id privileges or cause the server or storage agent to crash. IBM X-Force ID: 157510. IBM Spectrum Protect Servers versiones 7.1 y 8.1 y Storage A... • http://www.ibm.com/support/docview.wss?uid=ibm10882472 • CWE-787: Out-of-bounds Write •