Skip to main content

Spectrum Control

13 CVEs product

Monthly

CVE-2022-38391 HIGH PATCH This Week

IBM Spectrum Control 5.4 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure IBM Spectrum Control
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2019-4138 MEDIUM PATCH This Month

IBM Tivoli Storage Productivity Center 5.2.13 through 5.3.0.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. This Insufficiently Protected Credentials vulnerability could allow attackers to obtain user credentials due to weak protection mechanisms.

IBM Information Disclosure Spectrum Control
NVD
CVSS 3.0
5.9
EPSS
2.1%
CVE-2019-4137 MEDIUM PATCH This Month

IBM Tivoli Storage Productivity Center 5.2.13 through 5.3.0.1 is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Spectrum Control
NVD
CVSS 3.0
6.1
EPSS
1.3%
CVE-2019-4072 MEDIUM This Month

IBM Tivoli Storage Productivity Center (IBM Spectrum Control Standard Edition 5.2.1 through 5.2.17) allows users to remain idle within the application even when a user has logged out. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Spectrum Control Tivoli Storage Productivity Center
NVD
CVSS 3.1
6.3
EPSS
0.8%
CVE-2019-4071 HIGH This Week

IBM Tivoli Storage Productivity Center (IBM Spectrum Control Standard Edition 5.2.1 through 5.2.17) could allow a remote attacker to execute arbitrary commands on the system, caused by improper. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Spectrum Control Tivoli Storage Productivity Center
NVD
CVSS 3.1
8.8
EPSS
4.3%
CVE-2016-8943 MEDIUM PATCH This Month

IBM Tivoli Storage Productivity Center is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Spectrum Control Tivoli Storage Productivity Center
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2016-8942 LOW PATCH Monitor

IBM Tivoli Storage Productivity Center could allow an authenticated user with intimate knowledge of the system to edit a limited set of properties on the server. Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable.

IBM Authentication Bypass Spectrum Control Tivoli Storage Productivity Center
NVD
CVSS 3.0
3.1
EPSS
0.1%
CVE-2016-8941 HIGH PATCH This Week

IBM Tivoli Storage Productivity Center is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF IBM Spectrum Control Tivoli Storage Productivity Center
NVD
CVSS 3.0
8.8
EPSS
0.2%
CVE-2016-5947 MEDIUM PATCH This Month

IBM Spectrum Control (formerly Tivoli Storage Productivity Center) 5.2.x before 5.2.11 allows remote authenticated users to conduct clickjacking attacks via a crafted web site. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity.

IBM Information Disclosure Tivoli Storage Productivity Center Spectrum Control
NVD
CVSS 3.0
5.7
EPSS
0.2%
CVE-2016-5946 MEDIUM PATCH This Month

Directory traversal vulnerability in IBM Spectrum Control (formerly Tivoli Storage Productivity Center) 5.2.x before 5.2.11 allows remote authenticated users to read arbitrary files via a .. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Path Traversal Information Disclosure Spectrum Control Tivoli Storage Productivity Center
NVD
CVSS 3.0
6.5
EPSS
0.3%
CVE-2016-5945 MEDIUM PATCH This Month

IBM Spectrum Control (formerly Tivoli Storage Productivity Center) 5.2.x before 5.2.11 allows remote authenticated users to upload non-executable files via a crafted HTTP request. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

IBM Authentication Bypass Spectrum Control Tivoli Storage Productivity Center
NVD
CVSS 3.0
4.3
EPSS
0.1%
CVE-2016-5944 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in the Web UI in IBM Spectrum Control (formerly Tivoli Storage Productivity Center) 5.2.x before 5.2.11 allows remote authenticated users to inject arbitrary. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM XSS Spectrum Control Tivoli Storage Productivity Center
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2016-5943 MEDIUM PATCH This Month

IBM Spectrum Control (formerly Tivoli Storage Productivity Center) 5.2.x before 5.2.11 allows remote authenticated users to bypass intended access restrictions, and read task details or edit. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

IBM Authentication Bypass Spectrum Control
NVD
CVSS 3.0
5.4
EPSS
0.1%
EPSS 0% CVSS 7.5
HIGH PATCH This Week

IBM Spectrum Control 5.4 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure IBM Spectrum Control
NVD
EPSS 2% CVSS 5.9
MEDIUM PATCH This Month

IBM Tivoli Storage Productivity Center 5.2.13 through 5.3.0.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. This Insufficiently Protected Credentials vulnerability could allow attackers to obtain user credentials due to weak protection mechanisms.

IBM Information Disclosure Spectrum Control
NVD
EPSS 1% CVSS 6.1
MEDIUM PATCH This Month

IBM Tivoli Storage Productivity Center 5.2.13 through 5.3.0.1 is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Spectrum Control
NVD
EPSS 1% CVSS 6.3
MEDIUM This Month

IBM Tivoli Storage Productivity Center (IBM Spectrum Control Standard Edition 5.2.1 through 5.2.17) allows users to remain idle within the application even when a user has logged out. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Spectrum Control +1
NVD
EPSS 4% CVSS 8.8
HIGH This Week

IBM Tivoli Storage Productivity Center (IBM Spectrum Control Standard Edition 5.2.1 through 5.2.17) could allow a remote attacker to execute arbitrary commands on the system, caused by improper. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Spectrum Control +1
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

IBM Tivoli Storage Productivity Center is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Spectrum Control +1
NVD
EPSS 0% CVSS 3.1
LOW PATCH Monitor

IBM Tivoli Storage Productivity Center could allow an authenticated user with intimate knowledge of the system to edit a limited set of properties on the server. Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable.

IBM Authentication Bypass Spectrum Control +1
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

IBM Tivoli Storage Productivity Center is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF IBM Spectrum Control +1
NVD
EPSS 0% CVSS 5.7
MEDIUM PATCH This Month

IBM Spectrum Control (formerly Tivoli Storage Productivity Center) 5.2.x before 5.2.11 allows remote authenticated users to conduct clickjacking attacks via a crafted web site. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity.

IBM Information Disclosure Tivoli Storage Productivity Center +1
NVD
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Directory traversal vulnerability in IBM Spectrum Control (formerly Tivoli Storage Productivity Center) 5.2.x before 5.2.11 allows remote authenticated users to read arbitrary files via a .. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Path Traversal Information Disclosure +2
NVD
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

IBM Spectrum Control (formerly Tivoli Storage Productivity Center) 5.2.x before 5.2.11 allows remote authenticated users to upload non-executable files via a crafted HTTP request. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

IBM Authentication Bypass Spectrum Control +1
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in the Web UI in IBM Spectrum Control (formerly Tivoli Storage Productivity Center) 5.2.x before 5.2.11 allows remote authenticated users to inject arbitrary. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM XSS Spectrum Control +1
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

IBM Spectrum Control (formerly Tivoli Storage Productivity Center) 5.2.x before 5.2.11 allows remote authenticated users to bypass intended access restrictions, and read task details or edit. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

IBM Authentication Bypass Spectrum Control
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy