Spectrum Protect Server
by IBM
CVEs (71)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2019-4236 | 0.00 | — | 0.00 | Jul 22, 2019 | A IBM Spectrum Protect 7.l client backup or archive operation running for an HP-UX VxFS object is silently skipping Access Control List (ACL) entries from backup or archive if there are more than twelve ACL entries associated with the object in total. As a result, it could allow a local attacker to restore or retrieve the object with incorrect ACL entries. IBM X-Force ID: 159418. | |||
| CVE-2019-4140 | 0.00 | — | 0.00 | Jul 2, 2019 | IBM Tivoli Storage Manager Server (IBM Spectrum Protect 7.1 and 8.1) could allow a local user to replace existing databases by restoring old data. IBM X-Force ID: 158336. | |||
| CVE-2019-4129 | 0.00 | — | 0.00 | Jul 2, 2019 | IBM Spectrum Protect Operations Center 7.1 and 8.1 could allow a remote attacker to obtain sensitive information, caused by an error message containing a stack trace. By creating an error with a stack trace, an attacker could exploit this vulnerability to potentially obtain details on the Operations Center architecture. IBM X-Force ID: 158279. | |||
| CVE-2019-4088 | 0.00 | — | 0.00 | Jul 2, 2019 | IBM Spectrum Protect Servers 7.1 and 8.1 and Storage Agents could allow a local attacker to gain elevated privileges on the system, caused by loading a specially crafted library loaded by the dsmqsan module. By setting up such a library, a local attacker could exploit this vulnerability to gain root privileges on the vulnerable system. IBM X-Force ID: 157511. | |||
| CVE-2019-4383 | 0.00 | — | 0.00 | Jul 1, 2019 | When using IBM Spectrum Protect Plus 10.1.0, 10.1.2, and 10.1.3 to protect Oracle or MongoDB databases, a redirected restore operation may result in an escalation of user privileges. IBM X-Force ID: 162165. | |||
| CVE-2019-4357 | 0.00 | — | 0.00 | Jul 1, 2019 | When using IBM Spectrum Protect Plus 10.1.0, 10.1.2, and 10.1.3 to protect Oracle, DB2 or MongoDB databases, a redirected restore operation specifying a target path may allow execution of arbitrary code on the system. IBM X-Force ID: 161667, | |||
| CVE-2019-4385 | 0.00 | — | 0.00 | Jun 19, 2019 | IBM Spectrum Protect Plus 10.1.2 may display the vSnap CIFS password in the IBM Spectrum Protect Plus Joblog. This can result in an attacker gaining access to sensitive information as well as vSnap. IBM X-Force ID: 162173. | |||
| CVE-2018-1882 | 0.00 | — | 0.00 | Apr 8, 2019 | In a certain atypical IBM Spectrum Protect 7.1 and 8.1 configurations, the node password could be displayed in plain text in the IBM Spectrum Protect client trace file. IBM X-Force ID: 151968. | |||
| CVE-2018-1853 | 0.00 | — | 0.00 | Apr 8, 2019 | IBM Tivoli Storage Manager (IBM Spectrum Protect 7.1 and 8.1) could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 151014. | |||
| CVE-2018-1787 | 0.00 | — | 0.00 | Apr 8, 2019 | IBM Spectrum Protect 7.1 and 8.1 is affected by a password exposure vulnerability caused by insecure file permissions. IBM X-Force ID: 148872. | |||
| CVE-2019-4093 | 0.00 | — | 0.00 | Apr 2, 2019 | IBM Tivoli Storage Manager (IBM Spectrum Protect 8.1.7) could allow a user to restore files and directories using IBM Spectrum Prootect Client Web User Interface on Windows that they should not have access to due to incorrect file permissions. IBM X-Force ID: 157981. |
- CVE-2019-4236Jul 22, 2019risk 0.00cvss —epss 0.00
A IBM Spectrum Protect 7.l client backup or archive operation running for an HP-UX VxFS object is silently skipping Access Control List (ACL) entries from backup or archive if there are more than twelve ACL entries associated with the object in total. As a result, it could allow a local attacker to restore or retrieve the object with incorrect ACL entries. IBM X-Force ID: 159418.
- CVE-2019-4140Jul 2, 2019risk 0.00cvss —epss 0.00
IBM Tivoli Storage Manager Server (IBM Spectrum Protect 7.1 and 8.1) could allow a local user to replace existing databases by restoring old data. IBM X-Force ID: 158336.
- CVE-2019-4129Jul 2, 2019risk 0.00cvss —epss 0.00
IBM Spectrum Protect Operations Center 7.1 and 8.1 could allow a remote attacker to obtain sensitive information, caused by an error message containing a stack trace. By creating an error with a stack trace, an attacker could exploit this vulnerability to potentially obtain details on the Operations Center architecture. IBM X-Force ID: 158279.
- CVE-2019-4088Jul 2, 2019risk 0.00cvss —epss 0.00
IBM Spectrum Protect Servers 7.1 and 8.1 and Storage Agents could allow a local attacker to gain elevated privileges on the system, caused by loading a specially crafted library loaded by the dsmqsan module. By setting up such a library, a local attacker could exploit this vulnerability to gain root privileges on the vulnerable system. IBM X-Force ID: 157511.
- CVE-2019-4383Jul 1, 2019risk 0.00cvss —epss 0.00
When using IBM Spectrum Protect Plus 10.1.0, 10.1.2, and 10.1.3 to protect Oracle or MongoDB databases, a redirected restore operation may result in an escalation of user privileges. IBM X-Force ID: 162165.
- CVE-2019-4357Jul 1, 2019risk 0.00cvss —epss 0.00
When using IBM Spectrum Protect Plus 10.1.0, 10.1.2, and 10.1.3 to protect Oracle, DB2 or MongoDB databases, a redirected restore operation specifying a target path may allow execution of arbitrary code on the system. IBM X-Force ID: 161667,
- CVE-2019-4385Jun 19, 2019risk 0.00cvss —epss 0.00
IBM Spectrum Protect Plus 10.1.2 may display the vSnap CIFS password in the IBM Spectrum Protect Plus Joblog. This can result in an attacker gaining access to sensitive information as well as vSnap. IBM X-Force ID: 162173.
- CVE-2018-1882Apr 8, 2019risk 0.00cvss —epss 0.00
In a certain atypical IBM Spectrum Protect 7.1 and 8.1 configurations, the node password could be displayed in plain text in the IBM Spectrum Protect client trace file. IBM X-Force ID: 151968.
- CVE-2018-1853Apr 8, 2019risk 0.00cvss —epss 0.00
IBM Tivoli Storage Manager (IBM Spectrum Protect 7.1 and 8.1) could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 151014.
- CVE-2018-1787Apr 8, 2019risk 0.00cvss —epss 0.00
IBM Spectrum Protect 7.1 and 8.1 is affected by a password exposure vulnerability caused by insecure file permissions. IBM X-Force ID: 148872.
- CVE-2019-4093Apr 2, 2019risk 0.00cvss —epss 0.00
IBM Tivoli Storage Manager (IBM Spectrum Protect 8.1.7) could allow a user to restore files and directories using IBM Spectrum Prootect Client Web User Interface on Windows that they should not have access to due to incorrect file permissions. IBM X-Force ID: 157981.
Page 4 of 4