Total
44 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-4711 | 1 Ibm | 1 Spectrum Protect Plus | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
IBM Spectrum Protect Plus 10.1.0 through 10.1.6 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 187501. | |||||
CVE-2020-4703 | 1 Ibm | 1 Spectrum Protect Plus | 2024-11-21 | 6.0 MEDIUM | 8.0 HIGH |
IBM Spectrum Protect Plus 10.1.0 through 10.1.6 Administrative Console could allow an authenticated attacker to upload arbitrary files which could be execute arbitrary code on the vulnerable server. This vulnerability is due to an incomplete fix for CVE-2020-4470. IBM X-Force ID: 187188. | |||||
CVE-2020-4631 | 2 Ibm, Microsoft | 2 Spectrum Protect Plus, Windows | 2024-11-21 | 1.9 LOW | 5.5 MEDIUM |
IBM Spectrum Protect Plus 10.1.0 through 10.1.6 agent files, in non-default configurations, on Windows are assigned access to everyone with full control permissions, which could allow a local user to cause interruption of the service operations. IBM X-Force ID: 185372. | |||||
CVE-2020-4565 | 1 Ibm | 1 Spectrum Protect Plus | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow an attacker to obtain sensitive information due to insecure communications being used between the application and server. IBM X-Force ID: 183935. | |||||
CVE-2020-4497 | 1 Ibm | 1 Spectrum Protect Plus | 2024-11-21 | N/A | 6.8 MEDIUM |
IBM Spectrum Protect Plus 10.1.0 through 10.1.12 discloses sensitive information due to unencrypted data being used in the communication flow between Spectrum Protect Plus vSnap and its agents. An attacker could obtain information using main in the middle techniques. IBM X-Force ID: 182106. | |||||
CVE-2020-4496 | 2 Ibm, Linux | 2 Spectrum Protect Plus, Linux Kernel | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
The IBM Spectrum Protect Plus 10.1.0.0 through 10.1.8.x server connection to an IBM Spectrum Protect Plus workload agent is subject to a man-in-the-middle attack due to improper certificate validation. IBM X-Force ID: 182046. | |||||
CVE-2020-4477 | 1 Ibm | 1 Spectrum Protect Plus | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
IBM Spectrum Protect Plus 10.1.0 through 10.1.5 discloses highly sensitive information in plain text in the virgo log file which could be used in further attacks against the system. IBM X-Force ID: 181779. | |||||
CVE-2020-4471 | 1 Ibm | 1 Spectrum Protect Plus | 2024-11-21 | 6.4 MEDIUM | 6.5 MEDIUM |
IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow an unauthenticated attacker to cause a denial of service or hijack DNS sessions by send a specially crafted HTTP command to the remote server. IBM X-Force ID: 181726. | |||||
CVE-2020-4470 | 1 Ibm | 1 Spectrum Protect Plus | 2024-11-21 | 6.0 MEDIUM | 8.0 HIGH |
IBM Spectrum Protect Plus 10.1.0 through 10.1.5 Administrative Console could allow an authenticated attacker to upload arbitrary files which could be execute arbitrary code on the vulnerable server. IBM X-Force ID: 181725. | |||||
CVE-2020-4469 | 1 Ibm | 1 Spectrum Protect Plus | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow a remote attacker to execute arbitrary code on the system. By using a specially crafted HTTP command, an attacker could exploit this vulnerability to execute arbitrary command on the system. This vulnerability is due to an incomplete fix for CVE-2020-4211. IBM X-Force ID: 181724. | |||||
CVE-2020-4242 | 1 Ibm | 2 Spectrum Protect Plus, Spectrum Scale | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
IBM Spectrum Scale and IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system. IBM X-Force ID: 175419. | |||||
CVE-2020-4241 | 1 Ibm | 2 Spectrum Protect Plus, Spectrum Scale | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
IBM Spectrum Scale and IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system. IBM X-Force ID: 175418. | |||||
CVE-2020-4240 | 1 Ibm | 1 Spectrum Protect Plus | 2024-11-21 | 6.4 MEDIUM | 6.5 MEDIUM |
IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request to overwrite or create arbitrary files on the system. IBM X-Force ID: 175417. | |||||
CVE-2020-4216 | 1 Ibm | 1 Spectrum Protect Plus | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
IBM Spectrum Protect Plus 10.1.0 through 10.1.5 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 175066. | |||||
CVE-2020-4214 | 1 Ibm | 1 Spectrum Protect Plus | 2024-11-21 | 6.4 MEDIUM | 7.5 HIGH |
IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow a remote attacker to arbitrary delete a directory caused by improper validation of user-supplied input. IBM X-Force ID: 175026. | |||||
CVE-2020-4209 | 2 Ibm, Linux | 2 Spectrum Protect Plus, Linux Kernel | 2024-11-21 | 5.5 MEDIUM | 5.4 MEDIUM |
IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to create arbitrary files on the system. IBM X-Force ID: 175019. | |||||
CVE-2020-4208 | 1 Ibm | 1 Spectrum Protect Plus | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
IBM Spectrum Protect Plus 10.1.0 through 10.1.5 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 174975. | |||||
CVE-2020-4206 | 1 Ibm | 1 Spectrum Protect Plus | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow a remote attacker to execute arbitrary commands on the system in the context of root user, caused by improper validation of user-supplied input. IBM X-Force ID: 174966. | |||||
CVE-2019-4703 | 1 Ibm | 1 Spectrum Protect Plus | 2024-11-21 | 2.9 LOW | 5.3 MEDIUM |
IBM Spectrum Protect Plus 10.1.0 and 10.5.0, when protecting Microsoft SQL or Microsoft Exchange, could allow an attacker with intimate knowledge of the system to obtain highly sensitive information. | |||||
CVE-2019-4652 | 2 Ibm, Linux | 2 Spectrum Protect Plus, Linux Kernel | 2024-11-21 | 3.6 LOW | 7.1 HIGH |
IBM Spectrum Protect Plus 10.1.0 through 10.1.4 uses insecure file permissions on restored files and directories in Windows which could allow a local user to obtain sensitive information or perform unauthorized actions. IBM X-Force ID: 170963. |