VYPR

Spectrum Protect Server

by IBM

CVEs (89)

  • CVE-2020-4211CriFeb 24, 2020
    risk 0.69cvss 9.8epss 0.71

    IBM Spectrum Protect Plus 10.1.0 and 10.1.5 could allow a remote attacker to execute arbitrary code on the system. By using a specially crafted HTTP command, an attacker could exploit this vulnerability to execute arbitrary command on the system. IBM X-Force ID: 175022.

  • CVE-2020-4469CriJun 15, 2020
    risk 0.65cvss 9.8epss 0.13

    IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow a remote attacker to execute arbitrary code on the system. By using a specially crafted HTTP command, an attacker could exploit this vulnerability to execute arbitrary command on the system. This vulnerability is due to…

  • CVE-2020-4222CriFeb 24, 2020
    risk 0.65cvss 9.8epss 0.15

    IBM Spectrum Protect Plus 10.1.0 and 10.1.5 could allow a remote attacker to execute arbitrary code on the system. By using a specially crafted HTTP command, an attacker could exploit this vulnerability to execute arbitrary command on the system. IBM X-Force ID: 175091.

  • CVE-2020-4213CriFeb 24, 2020
    risk 0.65cvss 9.8epss 0.15

    IBM Spectrum Protect Plus 10.1.0 and 10.1.5 could allow a remote attacker to execute arbitrary code on the system. By using a specially crafted HTTP command, an attacker could exploit this vulnerability to execute arbitrary command on the system. IBM X-Force ID: 175024.

  • CVE-2020-4212CriFeb 24, 2020
    risk 0.65cvss 9.8epss 0.15

    IBM Spectrum Protect Plus 10.1.0 and 10.1.5 could allow a remote attacker to execute arbitrary code on the system. By using a specially crafted HTTP command, an attacker could exploit this vulnerability to execute arbitrary command on the system. IBM X-Force ID: 175023.

  • CVE-2020-4210CriFeb 24, 2020
    risk 0.65cvss 9.8epss 0.15

    IBM Spectrum Protect Plus 10.1.0 and 10.1.5 could allow a remote attacker to execute arbitrary code on the system. By using a specially crafted HTTP command, an attacker could exploit this vulnerability to execute arbitrary command on the system. IBM X-Force ID: 175020.

  • CVE-2022-22487CriJun 30, 2022
    risk 0.64cvss 9.8epss 0.01

    An IBM Spectrum Protect storage agent could allow a remote attacker to perform a brute force attack by allowing unlimited attempts to login to the storage agent without locking the administrative ID. A remote attacker could exploit this vulnerability using brute force techniques…

  • CVE-2022-22485CriJun 17, 2022
    risk 0.64cvss 9.8epss 0.01

    In some cases, an unsuccessful attempt to log into IBM Spectrum Protect Operations Center 8.1.0.000 through 8.1.14.000 does not cause the administrator's invalid sign-on count to be incremented on the IBM Spectrum Protect Server. An attacker could exploit this vulnerability…

  • CVE-2020-4854CriNov 23, 2020
    risk 0.64cvss 9.8epss 0.02

    IBM Spectrum Protect Plus 10.1.0 thorugh 10.1.6 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 190454.

  • CVE-2020-4216CriJun 15, 2020
    risk 0.64cvss 9.8epss 0.02

    IBM Spectrum Protect Plus 10.1.0 through 10.1.5 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 175066.

  • CVE-2020-4415CriApr 23, 2020
    risk 0.64cvss 9.8epss 0.08

    IBM Spectrum Protect 7.1 and 8.1 server is vulnerable to a stack-based buffer overflow, caused by improper bounds checking. This could allow a remote attacker to execute arbitrary code on the system with the privileges of an administrator or user associated with the Spectrum…

  • CVE-2020-4208CriMar 31, 2020
    risk 0.64cvss 9.8epss 0.02

    IBM Spectrum Protect Plus 10.1.0 through 10.1.5 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 174975.

  • CVE-2019-4087CriJul 2, 2019
    risk 0.64cvss 9.8epss 0.07

    IBM Spectrum Protect Servers 7.1 and 8.1 and Storage Agents are vulnerable to a stack-based buffer overflow, caused by improper bounds checking by servers and storage agents in response to specifically crafted communication exchanges. By sending an overly long request, a remote…

  • CVE-2016-8937CriOct 5, 2017
    risk 0.64cvss 9.8epss 0.02

    The IBM Tivoli Storage Manager (IBM Spectrum Protect 7.1 and 8.1) default authentication protocol is vulnerable to a brute force attack due to disclosing too much information during authentication. An attacker could gain user or administrative access to the TSM server. IBM…

  • CVE-2020-4241HigMar 31, 2020
    risk 0.63cvss 8.8epss 0.66

    IBM Spectrum Scale and IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on…

  • CVE-2021-39063CriDec 13, 2021
    risk 0.59cvss 9.1epss 0.01

    IBM Spectrum Protect Plus 10.1.0.0 through 10.1.8.x uses Cross-Origin Resource Sharing (CORS) which could allow an attacker to carry out privileged actions and retrieve sensitive information due to a misconfiguration in access control headers. IBM X-Force ID: 214956.

  • CVE-2020-4242HigMar 31, 2020
    risk 0.58cvss 8.8epss 0.05

    IBM Spectrum Scale and IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on…

  • CVE-2020-4206HigMar 31, 2020
    risk 0.58cvss 8.8epss 0.05

    IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow a remote attacker to execute arbitrary commands on the system in the context of root user, caused by improper validation of user-supplied input. IBM X-Force ID: 174966.

  • CVE-2022-22472HigJun 30, 2022
    risk 0.57cvss 8.8epss 0.01

    IBM Spectrum Protect Plus Container Backup and Restore (10.1.5 through 10.1.10.2 for Kubernetes and 10.1.7 through 10.1.10.2 for Red Hat OpenShift) could allow a remote attacker to bypass IBM Spectrum Protect Plus role based access control restrictions, caused by improper…

  • CVE-2022-22394HigMar 21, 2022
    risk 0.57cvss 8.8epss 0.02

    The IBM Spectrum Protect 8.1.14.000 server could allow a remote attacker to bypass security restrictions, caused by improper enforcement of access controls. By signing in, an attacker could exploit this vulnerability to bypass security and gain unauthorized administrator or node…

Page 1 of 5