VYPR

Spectrum Control

by IBM

CVEs (9)

  • CVE-2016-8941HigFeb 1, 2017
    risk 0.57cvss 8.8epss 0.01

    IBM Tivoli Storage Productivity Center is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.

  • CVE-2016-5946MedSep 26, 2016
    risk 0.42cvss 6.5epss 0.02

    Directory traversal vulnerability in IBM Spectrum Control (formerly Tivoli Storage Productivity Center) 5.2.x before 5.2.11 allows remote authenticated users to read arbitrary files via a .. (dot dot) in a URL.

  • CVE-2016-5947MedSep 26, 2016
    risk 0.37cvss 5.7epss 0.01

    IBM Spectrum Control (formerly Tivoli Storage Productivity Center) 5.2.x before 5.2.11 allows remote authenticated users to conduct clickjacking attacks via a crafted web site.

  • CVE-2016-8943MedFeb 1, 2017
    risk 0.35cvss 5.4epss 0.01

    IBM Tivoli Storage Productivity Center is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

  • CVE-2016-5944MedSep 26, 2016
    risk 0.35cvss 5.4epss 0.01

    Cross-site scripting (XSS) vulnerability in the Web UI in IBM Spectrum Control (formerly Tivoli Storage Productivity Center) 5.2.x before 5.2.11 allows remote authenticated users to inject arbitrary web script or HTML via an embedded string.

  • CVE-2016-5943MedSep 26, 2016
    risk 0.35cvss 5.4epss 0.01

    IBM Spectrum Control (formerly Tivoli Storage Productivity Center) 5.2.x before 5.2.11 allows remote authenticated users to bypass intended access restrictions, and read task details or edit properties, via unspecified vectors.

  • CVE-2016-5945MedSep 26, 2016
    risk 0.28cvss 4.3epss 0.01

    IBM Spectrum Control (formerly Tivoli Storage Productivity Center) 5.2.x before 5.2.11 allows remote authenticated users to upload non-executable files via a crafted HTTP request.

  • CVE-2016-8942LowFeb 1, 2017
    risk 0.20cvss 3.1epss 0.00

    IBM Tivoli Storage Productivity Center could allow an authenticated user with intimate knowledge of the system to edit a limited set of properties on the server.

  • CVE-2022-38391Dec 20, 2022
    risk 0.00cvss epss 0.00

    IBM Spectrum Control 5.4 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 233982.