VYPR

Spectrum Protect

by IBM

CVEs (9)

  • CVE-2022-22487 · Critical · Jun 30, 2022
    risk 0.64 · cvss 9.8 · epss 0.01

    An IBM Spectrum Protect storage agent could allow a remote attacker to perform a brute force attack by allowing unlimited attempts to log in to the storage agent without locking the administrative ID. A remote attacker could exploit this vulnerability using brute force techniques…

  • CVE-2022-22472 · High · Jun 30, 2022
    risk 0.57 · cvss 8.8 · epss 0.01

    IBM Spectrum Protect Plus Container Backup and Restore (10.1.5 through 10.1.10.2 for Kubernetes and 10.1.7 through 10.1.10.2 for Red Hat OpenShift) could allow a remote attacker to bypass IBM Spectrum Protect Plus role based access control restrictions, caused by improper…

  • CVE-2022-22394 · High · Mar 21, 2022
    risk 0.57 · cvss 8.8 · epss 0.02

    The IBM Spectrum Protect 8.1.14.000 server could allow a remote attacker to bypass security restrictions, caused by improper enforcement of access controls. By signing in, an attacker could exploit this vulnerability to bypass security and gain unauthorized administrator or node…

  • CVE-2022-40608 · High · Sep 19, 2022
    risk 0.49 · cvss 7.5 · epss 0.02

    IBM Spectrum Protect Plus 10.1.6 through 10.1.11 Microsoft File Systems restore operation can download any file on the target machine by manipulating the URL with a directory traversal attack. This results in the restore operation gaining access to files which the operator…

  • CVE-2022-22474 · High · Jun 30, 2022
    risk 0.49 · cvss 7.5 · epss 0.01

    IBM Spectrum Protect 8.1.0.0 through 8.1.14.0 dsmcad, dsmc, and dsmcsvc processes incorrectly handle certain read operations on TCP/IP sockets. This can result in a denial of service for IBM Spectrum Protect client operations. IBM X-Force ID: 225348.

  • CVE-2022-22396 · High · Jun 6, 2022
    risk 0.49 · cvss 7.5 · epss 0.01

    Credentials are printed in clear text in the IBM Spectrum Protect Plus 10.1.0.0 through 10.1.9.3 virgo log file in certain cases. Credentials could be the remote vSnap, offload targets, or VADP credentials depending on the operation performed. Credentials that are using API key…

  • CVE-2022-22354 · High · Mar 14, 2022
    risk 0.49 · cvss 7.5 · epss 0.01

    IBM Spectrum Protect Plus 10.1.0.0 through 10.1.9.2 and IBM Spectrum Copy Data Management 2.2.0.0 through 2.2.14.3 do not limit the length of a connection which could allow for a Slowloris HTTP denial of service attack to take place. This can cause the Admin Console to become…

  • CVE-2023-33832 · Medium · Jul 19, 2023
    risk 0.40 · cvss 6.2 · epss 0.00

    IBM Spectrum Protect 8.1.0.0 through 8.1.17.0 could allow a local user to cause a denial of service due to improper time-of-check to time-of-use functionality. IBM X-Force ID: 256012.

  • CVE-2022-40234 · Medium · Sep 19, 2022
    risk 0.38 · cvss 5.9 · epss 0.01

    Versions of IBM Spectrum Protect Plus prior to 10.1.12 (excluding 10.1.12) include the private key information for a certificate inside the generated .crt file when uploading a TLS certificate to IBM Spectrum Protect Plus. If this generated .crt file is shared, an attacker can…