Ibm

Spectrum Protect Plus

44 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
9.8

CVE-2020-4216

  • EPSS 0.13%
  • Veröffentlicht 15.06.2020 14:15:11
  • Zuletzt bearbeitet 21.11.2024 05:32:24

IBM Spectrum Protect Plus 10.1.0 through 10.1.5 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data....

5.5

CVE-2020-4209

  • EPSS 0.43%
  • Veröffentlicht 04.05.2020 14:15:13
  • Zuletzt bearbeitet 21.11.2024 05:32:24

IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to create arbitrary files on the system....

9

CVE-2020-4242

  • EPSS 4.08%
  • Veröffentlicht 31.03.2020 15:15:21
  • Zuletzt bearbeitet 21.11.2024 05:32:26

IBM Spectrum Scale and IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially crafted request, an attacker could exploit this vulnerability to ex...

9

CVE-2020-4241

  • EPSS 11.33%
  • Veröffentlicht 31.03.2020 15:15:21
  • Zuletzt bearbeitet 21.11.2024 05:32:26

IBM Spectrum Scale and IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially crafted request, an attacker could exploit this vulnerability to ex...

6.5

CVE-2020-4240

  • EPSS 0.42%
  • Veröffentlicht 31.03.2020 15:15:20
  • Zuletzt bearbeitet 21.11.2024 05:32:26

IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request to overwrite or create arbitrary files on the system. IBM X-Force ID: 175417.

7.5

CVE-2020-4214

  • EPSS 0.1%
  • Veröffentlicht 31.03.2020 15:15:17
  • Zuletzt bearbeitet 21.11.2024 05:32:24

IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow a remote attacker to arbitrary delete a directory caused by improper validation of user-supplied input. IBM X-Force ID: 175026.

9.8

CVE-2020-4208

  • EPSS 0.03%
  • Veröffentlicht 31.03.2020 15:15:17
  • Zuletzt bearbeitet 21.11.2024 05:32:24

IBM Spectrum Protect Plus 10.1.0 through 10.1.5 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data....

9

CVE-2020-4206

  • EPSS 5.76%
  • Veröffentlicht 31.03.2020 15:15:16
  • Zuletzt bearbeitet 21.11.2024 05:32:23

IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow a remote attacker to execute arbitrary commands on the system in the context of root user, caused by improper validation of user-supplied input. IBM X-Force ID: 174966.

5.3

CVE-2019-4703

  • EPSS 0.14%
  • Veröffentlicht 24.02.2020 16:15:12
  • Zuletzt bearbeitet 21.11.2024 04:44:01

IBM Spectrum Protect Plus 10.1.0 and 10.5.0, when protecting Microsoft SQL or Microsoft Exchange, could allow an attacker with intimate knowledge of the system to obtain highly sensitive information.

7.1

CVE-2019-4652

  • EPSS 0.06%
  • Veröffentlicht 12.11.2019 16:15:10
  • Zuletzt bearbeitet 21.11.2024 04:43:55

IBM Spectrum Protect Plus 10.1.0 through 10.1.4 uses insecure file permissions on restored files and directories in Windows which could allow a local user to obtain sensitive information or perform unauthorized actions. IBM X-Force ID: 170963.