VYPR

Spectrum Protect Server

by IBM

CVEs (89)

  • CVE-2016-8940HigMar 7, 2017
    risk 0.57cvss 8.8epss 0.01

    IBM Tivoli Storage Manager (IBM Spectrum Protect) 6.1, 6.2, 6.3, and 7.1 does not perform sufficient authority checking on SQL queries. As a result, an attacker is able to submit SQL queries that access database tables that are not intended for access or use by administrators.…

  • CVE-2025-3319HigJun 20, 2025
    risk 0.53cvss 8.1epss 0.00

    IBM Spectrum Protect Server 8.1 through 8.1.26 could allow attacker to bypass authentication due to improper session authentication which can result in access to unauthorized resources.

  • CVE-2021-39057HigDec 13, 2021
    risk 0.53cvss 8.1epss 0.00

    IBM Spectrum Protect Plus 10.1.0.0 through 10.1.8.x is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force…

  • CVE-2020-4703HigSep 15, 2020
    risk 0.52cvss 8.0epss 0.02

    IBM Spectrum Protect Plus 10.1.0 through 10.1.6 Administrative Console could allow an authenticated attacker to upload arbitrary files which could be execute arbitrary code on the vulnerable server. This vulnerability is due to an incomplete fix for CVE-2020-4470. IBM X-Force…

  • CVE-2020-4470HigJun 15, 2020
    risk 0.52cvss 8.0epss 0.02

    IBM Spectrum Protect Plus 10.1.0 through 10.1.5 Administrative Console could allow an authenticated attacker to upload arbitrary files which could be execute arbitrary code on the vulnerable server. IBM X-Force ID: 181725.

  • CVE-2019-4267HigJul 22, 2019
    risk 0.51cvss 7.8epss 0.00

    The IBM Spectrum Protect 7.1 and 8.1 Backup-Archive Client is vulnerable to a buffer overflow. This could allow execution of arbitrary code on the local system or the application to crash. IBM X-Force ID: 160200.

  • CVE-2019-4088HigJul 2, 2019
    risk 0.51cvss 7.8epss 0.01

    IBM Spectrum Protect Servers 7.1 and 8.1 and Storage Agents could allow a local attacker to gain elevated privileges on the system, caused by loading a specially crafted library loaded by the dsmqsan module. By setting up such a library, a local attacker could exploit this…

  • CVE-2017-1378HigOct 5, 2017
    risk 0.51cvss 7.8epss 0.00

    IBM Spectrum Protect 7.1 and 8.1 (formerly Tivoli Storage Manager) disclosed unencrypted login credentials to Vmware vCenter in the application trace output which could be obtained by a local user. IBM X-Force ID: 126875.

  • CVE-2022-40608HigSep 19, 2022
    risk 0.49cvss 7.5epss 0.02

    IBM Spectrum Protect Plus 10.1.6 through 10.1.11 Microsoft File Systems restore operation can download any file on the target machine by manipulating the URL with a directory traversal attack. This results in the restore operation gaining access to files which the operator…

  • CVE-2022-22474HigJun 30, 2022
    risk 0.49cvss 7.5epss 0.01

    IBM Spectrum Protect 8.1.0.0 through 8.1.14.0 dsmcad, dsmc, and dsmcsvc processes incorrectly handle certain read operations on TCP/IP sockets. This can result in a denial of service for IBM Spectrum Protect client operations. IBM X-Force ID: 225348.

  • CVE-2022-22396HigJun 6, 2022
    risk 0.49cvss 7.5epss 0.01

    Credentials are printed in clear text in the IBM Spectrum Protect Plus 10.1.0.0 through 10.1.9.3 virgo log file in certain cases. Credentials could be the remote vSnap, offload targets, or VADP credentials depending on the operation performed. Credentials that are using API key…

  • CVE-2022-22354HigMar 14, 2022
    risk 0.49cvss 7.5epss 0.01

    IBM Spectrum Protect Plus 10.1.0.0 through 10.1.9.2 and IBM Spectrum Copy Data Management 2.2.0.0 through 2.2.14.3 do not limit the length of a connection which could allow for a Slowloris HTTP denial of service attack to take place. This can cause the Admin Console to become…

  • CVE-2021-29694HigApr 26, 2021
    risk 0.49cvss 7.5epss 0.01

    IBM Spectrum Protect Plus 10.1.0 through 10.1.7 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 200258.

  • CVE-2020-5023HigFeb 10, 2021
    risk 0.49cvss 7.5epss 0.02

    IBM Spectrum Protect Plus 10.1.0 through 10.1.7 could allow a remote user to inject arbitrary data iwhich could cause the serivce to crash due to excess resource consumption. IBM X-Force ID: 193659.

  • CVE-2020-5018HigJan 8, 2021
    risk 0.49cvss 7.5epss 0.01

    IBM Spectrum Protect Plus 10.1.0 through 10.1.6 may include sensitive information in its URLs increasing the risk of such information being caputured by an attacker. IBM X-Force ID: 193654.

  • CVE-2020-4559HigAug 28, 2020
    risk 0.49cvss 7.5epss 0.01

    IBM Spectrum Protect 7.1 and 8.1 could allow an attacker to cause a denial of service due ti improper validation of user-supplied input. IBM X-Force ID: 183613.

  • CVE-2020-4494HigJun 15, 2020
    risk 0.49cvss 7.5epss 0.02

    IBM Spectrum Protect Client 8.1.7.0 through 8.1.9.1 (Linux and Windows), 8.1.9.0 trough 8.1.9.1 (AIX) and IBM Spectrum Protect for Space Management 8.1.7.0 through 8.1.9.1 (Linux), 8.1.9.0 through 8.1.9.1 (AIX) web user interfaces could allow an attacker to bypass authentication…

  • CVE-2020-4214HigMar 31, 2020
    risk 0.49cvss 7.5epss 0.02

    IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow a remote attacker to arbitrary delete a directory caused by improper validation of user-supplied input. IBM X-Force ID: 175026.

  • CVE-2018-1785HigSep 26, 2018
    risk 0.49cvss 7.5epss 0.01

    IBM Tivoli Storage Manager (IBM Spectrum Protect 7.1 and 8.1) uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt sensitive information. IBM X-Force ID: 148870.

  • CVE-2018-1545HigSep 26, 2018
    risk 0.49cvss 7.5epss 0.01

    IBM Tivoli Storage Manager (IBM Spectrum Protect 7.1 and 8.1) uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 142649.

Page 2 of 5