CVSS: 8.4EPSS: 0%CPEs: 3EXPL: 0CVE-2023-35897 – IBM Spectrum Protect code execution
https://notcve.org/view.php?id=CVE-2023-35897
06 Oct 2023 — IBM Spectrum Protect Client and IBM Storage Protect for Virtual Environments 8.1.0.0 through 8.1.19.0 could allow a local user to execute arbitrary code on the system using a specially crafted file, caused by a DLL hijacking flaw. IBM X-Force ID: 259246. IBM Spectrum Protect Client e IBM Storage Protect for Virtual Environments 8.1.0.0 a 8.1.19.0 podrían permitir a un usuario local ejecutar código arbitrario en el sistema utilizando un archivo especialmente manipulado, causado por una falla de secuestro d... • https://exchange.xforce.ibmcloud.com/vulnerabilities/259246 • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-427: Uncontrolled Search Path Element •
CVSS: 4.4EPSS: 0%CPEs: 1EXPL: 0CVE-2023-40368 – IBM Storage Protect information disclosure
https://notcve.org/view.php?id=CVE-2023-40368
20 Sep 2023 — IBM Storage Protect 8.1.0.0 through 8.1.19.0 could allow a privileged user to obtain sensitive information from the administrative command line client. IBM X-Force ID: 263456. IBM Storage Protect 8.1.0.0 a 8.1.19.0 podría permitir que un usuario privilegiado obtenga información sensible del cliente de línea de comando administrativo. ID de IBM X-Force: 263456. • https://exchange.xforce.ibmcloud.com/vulnerabilities/263456 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •