CVE-2024-38329 – IBM Storage Protect for Virtual Environments: Data Protection for VMware security bypass
https://notcve.org/view.php?id=CVE-2024-38329
19 Jun 2024 — IBM Storage Protect for Virtual Environments: Data Protection for VMware 8.1.0.0 through 8.1.22.0 could allow a remote authenticated attacker to bypass security restrictions, caused by improper validation of user permission. By sending a specially crafted request, an attacker could exploit this vulnerability to change its settings, trigger backups, restore backups, and also delete all previous backups via log rotation. IBM X-Force ID: 294994. • https://exchange.xforce.ibmcloud.com/vulnerabilities/294994 • CWE-285: Improper Authorization CWE-863: Incorrect Authorization •
CVE-2024-27277 – IBM Storage Protect Plus Server information disclosure
https://notcve.org/view.php?id=CVE-2024-27277
21 Mar 2024 — The private key for the IBM Storage Protect Plus Server 10.1.0 through 10.1.16 certificate can be disclosed, undermining the security of the certificate. IBM X-Force ID: 285205. • https://exchange.xforce.ibmcloud.com/vulnerabilities/285205 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2023-47715 – IBM Storage Protect Plus Server improper access control
https://notcve.org/view.php?id=CVE-2023-47715
21 Mar 2024 — IBM Storage Protect Plus Server 10.1.0 through 10.1.16 could allow an authenticated user with read-only permissions to add or delete entries from an existing HyperVisor configuration. IBM X-Force ID: 271538. • https://exchange.xforce.ibmcloud.com/vulnerabilities/271538 • CWE-269: Improper Privilege Management •
CVE-2023-50963 – IBM Storage Defender HTTP HOST header injection
https://notcve.org/view.php?id=CVE-2023-50963
19 Jan 2024 — IBM Storage Defender - Data Protect 1.0.0 through 1.4.1 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 276101. • https://exchange.xforce.ibmcloud.com/vulnerabilities/276101 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVE-2023-35897 – IBM Spectrum Protect code execution
https://notcve.org/view.php?id=CVE-2023-35897
06 Oct 2023 — IBM Spectrum Protect Client and IBM Storage Protect for Virtual Environments 8.1.0.0 through 8.1.19.0 could allow a local user to execute arbitrary code on the system using a specially crafted file, caused by a DLL hijacking flaw. IBM X-Force ID: 259246. • https://exchange.xforce.ibmcloud.com/vulnerabilities/259246 • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-427: Uncontrolled Search Path Element •
CVE-2023-40368 – IBM Storage Protect information disclosure
https://notcve.org/view.php?id=CVE-2023-40368
20 Sep 2023 — IBM Storage Protect 8.1.0.0 through 8.1.19.0 could allow a privileged user to obtain sensitive information from the administrative command line client. IBM X-Force ID: 263456. • https://exchange.xforce.ibmcloud.com/vulnerabilities/263456 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2018-1786
https://notcve.org/view.php?id=CVE-2018-1786
12 Nov 2018 — IBM Spectrum Protect 7.1 and 8.1 dsmc and dsmcad processes incorrectly accumulate TCP/IP sockets in a CLOSE_WAIT state. This can cause TCP/IP resource leakage and may result in a denial of service. IBM X-Force ID: 148871. • http://www.ibm.com/support/docview.wss?uid=ibm10738765 • CWE-400: Uncontrolled Resource Consumption •