16 results (0.014 seconds)

CVSS: 7.5EPSS: 0%CPEs: 9EXPL: 0

IBM Spectrum Protect 7.1 and 8.1 dsmc and dsmcad processes incorrectly accumulate TCP/IP sockets in a CLOSE_WAIT state. This can cause TCP/IP resource leakage and may result in a denial of service. IBM X-Force ID: 148871. Los procesos dsmc y dsmcad de IBM Spectrum Protect 7.1 y 8.1 acumulan incorrectamente sockets TCP/IP en un estado CLOSE_WAIT. Esto puede provocar el filtrado del recurso TCP/IP y podría resultar en una denegación de servicio (DoS). • http://www.ibm.com/support/docview.wss?uid=ibm10738765 http://www.securityfocus.com/bid/105940 https://exchange.xforce.ibmcloud.com/vulnerabilities/148871 • CWE-400: Uncontrolled Resource Consumption •

CVSS: 5.5EPSS: 0%CPEs: 62EXPL: 0

IBM Spectrum Protect 7.1 and 8.1 could allow a local attacker to launch a symlink attack. IBM Spectrum Protect Backup-archive Client creates temporary files insecurely. A local attacker could exploit this vulnerability by creating a symbolic link from a temporary file to various files on the system, which could allow the attacker to overwrite arbitrary files on the system with elevated privileges. IBM X-Force ID: 125163. IBM Spectrum Protect 7.1 y 8.1 podría permitir que un atacante local realice un ataque symlink. • http://www.ibm.com/support/docview.wss?uid=swg22006248 http://www.securityfocus.com/bid/101107 https://exchange.xforce.ibmcloud.com/vulnerabilities/125163 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •

CVSS: 7.8EPSS: 0%CPEs: 62EXPL: 0

IBM Spectrum Protect 7.1 and 8.1 (formerly Tivoli Storage Manager) disclosed unencrypted login credentials to Vmware vCenter in the application trace output which could be obtained by a local user. IBM X-Force ID: 126875. IBM Spectrum Protect 7.1 y 8.1 (anteriormente Tivoli Storage Manager) revela las credenciales sin cifrar de inicio de sesión de Vmware vCenter en la salida de la traza de la aplicación, las cuales las puede obtener un usuario local. IBM X-Force ID: 126875. • http://www.ibm.com/support/docview.wss?uid=swg22006215 https://exchange.xforce.ibmcloud.com/vulnerabilities/126875 • CWE-522: Insufficiently Protected Credentials •

CVSS: 9.8EPSS: 0%CPEs: 65EXPL: 0

The IBM Tivoli Storage Manager (IBM Spectrum Protect 7.1 and 8.1) default authentication protocol is vulnerable to a brute force attack due to disclosing too much information during authentication. An attacker could gain user or administrative access to the TSM server. IBM X-Force ID: 118750. El protocolo de autenticación por defecto de IBM Tivoli Storage Manager (IBM Spectrum Protect 7.1 y 8.1) es vulnerable a ataques de fuerza bruta ya que revela demasiada información durante el proceso de autenticación. Un atacante podría obtener acceso administrativo o de usuario al servidor TSM. • http://www.ibm.com/support/docview.wss?uid=swg22007935 https://exchange.xforce.ibmcloud.com/vulnerabilities/118750 • CWE-287: Improper Authentication •

CVSS: 4.4EPSS: 0%CPEs: 65EXPL: 0

IBM Spectrum Protect 7.1 and 8.1 (formerly Tivoli Storage Manager) Server uses weak encryption for the password. A database administrator may be able to decrypt the IBM Spectrum protect client or administrator password which can result in information disclosure or a denial of service. IBM X-Force ID: 126247. El servidor de IBM Spectrum Protect 7.1 y 8.1 (anteriormente Tivoli Storage Manager) utiliza un cifrado de contraseña débil. Un administrador de la base de datos podría descifrar la contraseña del cliente o administrador de IBM Spectrum Protect, pudiendo provocar que se divulgue información o una denegación de servicio (DoS). • http://www.ibm.com/support/docview.wss?uid=swg22007936 http://www.securityfocus.com/bid/101113 http://www.securitytracker.com/id/1039498 https://exchange.xforce.ibmcloud.com/vulnerabilities/126247 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •