Ibm

Spectrum Protect Plus

44 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.5

CVE-2021-20490

  • EPSS 0.04%
  • Published 29.06.2021 16:15:08
  • Last modified 21.11.2024 05:46:39

IBM Spectrum Protect Plus 10.1.0 through 10.1.8 could allow a local user to cause a denial of service due to insecure file permission settings. IBM X-Force ID: 197791.

7.5

CVE-2021-29694

  • EPSS 0.11%
  • Published 26.04.2021 17:15:08
  • Last modified 21.11.2024 06:01:39

IBM Spectrum Protect Plus 10.1.0 through 10.1.7 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 200258.

6.2

CVE-2021-20536

  • EPSS 0.04%
  • Published 26.04.2021 17:15:08
  • Last modified 21.11.2024 05:46:44

IBM Spectrum Protect Plus File Systems Agent 10.1.6 and 10.1.7 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 198836.

6.5

CVE-2021-20432

  • EPSS 0.16%
  • Published 26.04.2021 17:15:07
  • Last modified 21.11.2024 05:46:35

IBM Spectrum Protect Plus 10.1.0 through 10.1.7 uses Cross-Origin Resource Sharing (CORS) which could allow an attacker to carry out privileged actions and retrieve sensitive information as the domain name is not being limited to only trusted domains...

7.5

CVE-2020-5023

  • EPSS 0.73%
  • Published 10.02.2021 17:15:16
  • Last modified 21.11.2024 05:33:33

IBM Spectrum Protect Plus 10.1.0 through 10.1.7 could allow a remote user to inject arbitrary data iwhich could cause the serivce to crash due to excess resource consumption. IBM X-Force ID: 193659.

5.3

CVE-2020-5022

  • EPSS 0.17%
  • Published 08.01.2021 19:15:14
  • Last modified 21.11.2024 05:33:33

IBM Spectrum Protect Plus 10.1.0 through 10.1.6 may allow unauthenticated and unauthorized access to VDAP proxy which can result in an attacker obtaining information they are not authorized to access. IBM X-Force ID: 193658.

4.4

CVE-2020-5021

  • EPSS 0.03%
  • Published 08.01.2021 19:15:14
  • Last modified 21.11.2024 05:33:33

IBM Spectrum Protect Plus 10.1.0 through 10.1.6 does not invalidate session after a password reset which could allow a local user to impersonate another user on the system. IBM X-Force ID: 193657.

6.1

CVE-2020-5020

  • EPSS 0.18%
  • Published 08.01.2021 19:15:14
  • Last modified 21.11.2024 05:33:33

IBM Spectrum Protect Plus 10.1.0 through 10.1.6 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's...

6.5

CVE-2020-5019

  • EPSS 0.05%
  • Published 08.01.2021 19:15:14
  • Last modified 21.11.2024 05:33:33

IBM Spectrum Protect Plus 10.1.0 through 10.1.6 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. By sending a specially crafted HTTP request, a remote attacker could exploit this vulnerability to inj...

7.5

CVE-2020-5018

  • EPSS 0.1%
  • Published 08.01.2021 19:15:14
  • Last modified 21.11.2024 05:33:33

IBM Spectrum Protect Plus 10.1.0 through 10.1.6 may include sensitive information in its URLs increasing the risk of such information being caputured by an attacker. IBM X-Force ID: 193654.