Ibm

Spectrum Protect Plus

44 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.9

CVE-2020-4783

  • EPSS 0.17%
  • Veröffentlicht 23.11.2020 17:15:12
  • Zuletzt bearbeitet 21.11.2024 05:33:14

IBM Spectrum Protect Plus 10.1.0 through 10.1.6 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive i...

9.8

CVE-2020-4854

Exploit
  • EPSS 0.23%
  • Veröffentlicht 23.11.2020 17:15:12
  • Zuletzt bearbeitet 21.11.2024 05:33:19

IBM Spectrum Protect Plus 10.1.0 thorugh 10.1.6 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data....

6.5

CVE-2020-4711

  • EPSS 0.61%
  • Veröffentlicht 15.09.2020 14:15:14
  • Zuletzt bearbeitet 21.11.2024 05:33:09

IBM Spectrum Protect Plus 10.1.0 through 10.1.6 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. I...

8

CVE-2020-4703

  • EPSS 0.84%
  • Veröffentlicht 15.09.2020 14:15:14
  • Zuletzt bearbeitet 21.11.2024 05:33:09

IBM Spectrum Protect Plus 10.1.0 through 10.1.6 Administrative Console could allow an authenticated attacker to upload arbitrary files which could be execute arbitrary code on the vulnerable server. This vulnerability is due to an incomplete fix for ...

5.5

CVE-2020-4631

  • EPSS 0.03%
  • Veröffentlicht 04.08.2020 16:15:12
  • Zuletzt bearbeitet 21.11.2024 05:33:01

IBM Spectrum Protect Plus 10.1.0 through 10.1.6 agent files, in non-default configurations, on Windows are assigned access to everyone with full control permissions, which could allow a local user to cause interruption of the service operations. IBM ...

5.9

CVE-2020-4565

  • EPSS 0.24%
  • Veröffentlicht 26.06.2020 14:15:10
  • Zuletzt bearbeitet 21.11.2024 05:32:54

IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow an attacker to obtain sensitive information due to insecure communications being used between the application and server. IBM X-Force ID: 183935.

6.5

CVE-2020-4477

  • EPSS 0.24%
  • Veröffentlicht 15.06.2020 14:15:12
  • Zuletzt bearbeitet 21.11.2024 05:32:47

IBM Spectrum Protect Plus 10.1.0 through 10.1.5 discloses highly sensitive information in plain text in the virgo log file which could be used in further attacks against the system. IBM X-Force ID: 181779.

6.5

CVE-2020-4471

  • EPSS 0.15%
  • Veröffentlicht 15.06.2020 14:15:12
  • Zuletzt bearbeitet 21.11.2024 05:32:46

IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow an unauthenticated attacker to cause a denial of service or hijack DNS sessions by send a specially crafted HTTP command to the remote server. IBM X-Force ID: 181726.

8

CVE-2020-4470

  • EPSS 0.23%
  • Veröffentlicht 15.06.2020 14:15:12
  • Zuletzt bearbeitet 21.11.2024 05:32:46

IBM Spectrum Protect Plus 10.1.0 through 10.1.5 Administrative Console could allow an authenticated attacker to upload arbitrary files which could be execute arbitrary code on the vulnerable server. IBM X-Force ID: 181725.

10

CVE-2020-4469

  • EPSS 46.36%
  • Veröffentlicht 15.06.2020 14:15:11
  • Zuletzt bearbeitet 21.11.2024 05:32:46

IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow a remote attacker to execute arbitrary code on the system. By using a specially crafted HTTP command, an attacker could exploit this vulnerability to execute arbitrary command on the system....