Skip to main content

Spectrum Protect Plus

33 CVEs product

Monthly

CVE-2022-40608 HIGH This Week

IBM Spectrum Protect Plus 10.1.6 through 10.1.11 Microsoft File Systems restore operation can download any file on the target machine by manipulating the URL with a directory traversal attack. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft IBM Path Traversal Spectrum Protect Plus
NVD
CVSS 3.1
7.5
EPSS
1.6%
CVE-2022-40234 MEDIUM This Month

Versions of IBM Spectrum Protect Plus prior to 10.1.12 (excluding 10.1.12) include the private key information for a certificate inside the generated .crt file when uploading a TLS certificate to IBM. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure IBM Spectrum Protect Plus
NVD
CVSS 3.1
5.9
EPSS
0.5%
CVE-2022-22396 HIGH This Week

Credentials are printed in clear text in the IBM Spectrum Protect Plus 10.1.0.0 through 10.1.9.3 virgo log file in certain cases. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Spectrum Protect Plus
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2022-22354 HIGH This Week

IBM Spectrum Protect Plus 10.1.0.0 through 10.1.9.2 and IBM Spectrum Copy Data Management 2.2.0.0 through 2.2.14.3 do not limit the length of a connection which could allow for a Slowloris HTTP. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service IBM Spectrum Copy Data Management Spectrum Protect Plus
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2021-39063 CRITICAL PATCH Act Now

IBM Spectrum Protect Plus 10.1.0.0 through 10.1.8.x uses Cross-Origin Resource Sharing (CORS) which could allow an attacker to carry out privileged actions and retrieve sensitive information due to a. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Spectrum Protect Plus
NVD
CVSS 3.1
9.1
EPSS
0.7%
CVE-2021-39057 HIGH PATCH This Week

IBM Spectrum Protect Plus 10.1.0.0 through 10.1.8.x is vulnerable to server-side request forgery (SSRF). Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity.

IBM SSRF Spectrum Protect Plus
NVD
CVSS 3.1
8.1
EPSS
0.5%
CVE-2021-20490 MEDIUM This Month

IBM Spectrum Protect Plus 10.1.0 through 10.1.8 could allow a local user to cause a denial of service due to insecure file permission settings. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service IBM Privilege Escalation Spectrum Protect Plus
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2021-29694 HIGH PATCH This Week

IBM Spectrum Protect Plus 10.1.0 through 10.1.7 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Spectrum Protect Plus
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2021-20536 MEDIUM This Month

IBM Spectrum Protect Plus File Systems Agent 10.1.6 and 10.1.7 stores potentially sensitive information in log files that could be read by a local user. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Spectrum Protect Plus
NVD
CVSS 3.1
6.2
EPSS
0.3%
CVE-2021-20432 MEDIUM This Month

IBM Spectrum Protect Plus 10.1.0 through 10.1.7 uses Cross-Origin Resource Sharing (CORS) which could allow an attacker to carry out privileged actions and retrieve sensitive information as the. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Spectrum Protect Plus
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2020-4854 CRITICAL POC PATCH Act Now

IBM Spectrum Protect Plus 10.1.0 thorugh 10.1.6 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

IBM Authentication Bypass Spectrum Protect Plus
NVD
CVSS 3.1
9.8
EPSS
2.4%
CVE-2020-4783 MEDIUM PATCH This Month

IBM Spectrum Protect Plus 10.1.0 through 10.1.6 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

IBM Authentication Bypass Spectrum Protect Plus
NVD
CVSS 3.1
5.9
EPSS
1.2%
CVE-2020-4711 MEDIUM PATCH This Month

IBM Spectrum Protect Plus 10.1.0 through 10.1.6 could allow a remote attacker to traverse directories on the system. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

IBM Path Traversal Spectrum Protect Plus
NVD
CVSS 3.1
6.5
EPSS
2.6%
CVE-2020-4703 HIGH PATCH This Week

IBM Spectrum Protect Plus 10.1.0 through 10.1.6 Administrative Console could allow an authenticated attacker to upload arbitrary files which could be execute arbitrary code on the vulnerable server. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

File Upload RCE IBM Spectrum Protect Plus
NVD
CVSS 3.1
8.0
EPSS
1.8%
CVE-2020-4631 MEDIUM PATCH This Month

IBM Spectrum Protect Plus 10.1.0 through 10.1.6 agent files, in non-default configurations, on Windows are assigned access to everyone with full control permissions, which could allow a local user to. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Incorrect Permission Assignment vulnerability could allow attackers to access resources due to misconfigured permissions.

IBM Microsoft Information Disclosure Spectrum Protect Plus
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2020-4565 MEDIUM This Month

IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow an attacker to obtain sensitive information due to insecure communications being used between the application and server. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

IBM Information Disclosure Spectrum Protect Plus
NVD
CVSS 3.1
5.9
EPSS
1.2%
CVE-2020-4477 MEDIUM PATCH This Month

IBM Spectrum Protect Plus 10.1.0 through 10.1.5 discloses highly sensitive information in plain text in the virgo log file which could be used in further attacks against the system. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

IBM Information Disclosure Spectrum Protect Plus
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2020-4471 MEDIUM PATCH This Month

IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow an unauthenticated attacker to cause a denial of service or hijack DNS sessions by send a specially crafted HTTP command to the remote. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authentication for Critical Function vulnerability could allow attackers to access critical functionality without authentication.

Denial Of Service IBM Authentication Bypass Spectrum Protect Plus
NVD
CVSS 3.1
6.5
EPSS
2.7%
CVE-2020-4470 HIGH PATCH This Week

IBM Spectrum Protect Plus 10.1.0 through 10.1.5 Administrative Console could allow an authenticated attacker to upload arbitrary files which could be execute arbitrary code on the vulnerable server. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

File Upload RCE IBM Spectrum Protect Plus
NVD
CVSS 3.1
8.0
EPSS
1.9%
CVE-2020-4469 CRITICAL PATCH Act Now

IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow a remote attacker to execute arbitrary code on the system. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

RCE IBM Command Injection Spectrum Protect Plus
NVD
CVSS 3.1
9.8
EPSS
13.4%
CVE-2020-4216 CRITICAL PATCH Act Now

IBM Spectrum Protect Plus 10.1.0 through 10.1.5 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use of Hard-coded Credentials vulnerability could allow attackers to gain access using credentials embedded in source code.

IBM Authentication Bypass Spectrum Protect Plus
NVD
CVSS 3.1
9.8
EPSS
1.6%
CVE-2020-4209 MEDIUM PATCH This Month

IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow a remote attacker to traverse directories on the system. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

IBM Path Traversal Spectrum Protect Plus
NVD
CVSS 3.1
5.4
EPSS
1.4%
CVE-2020-4242 HIGH PATCH This Week

IBM Spectrum Scale and IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow a remote authenticated attacker to execute arbitrary commands on the system. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

IBM Command Injection Spectrum Protect Plus Spectrum Scale
NVD
CVSS 3.1
8.8
EPSS
4.6%
CVE-2020-4241 HIGH PATCH This Week

IBM Spectrum Scale and IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow a remote authenticated attacker to execute arbitrary commands on the system. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

IBM Command Injection Spectrum Protect Plus Spectrum Scale
NVD
CVSS 3.1
8.8
EPSS
66.3%
CVE-2020-4240 MEDIUM PATCH This Month

IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow a remote attacker to traverse directories on the system. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

IBM Path Traversal Spectrum Protect Plus
NVD
CVSS 3.1
6.5
EPSS
1.9%
CVE-2020-4214 HIGH PATCH This Week

IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow a remote attacker to arbitrary delete a directory caused by improper validation of user-supplied input. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Spectrum Protect Plus
NVD
CVSS 3.1
7.5
EPSS
1.6%
CVE-2020-4208 CRITICAL PATCH Act Now

IBM Spectrum Protect Plus 10.1.0 through 10.1.5 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use of Hard-coded Credentials vulnerability could allow attackers to gain access using credentials embedded in source code.

IBM Authentication Bypass Spectrum Protect Plus
NVD
CVSS 3.1
9.8
EPSS
1.8%
CVE-2020-4206 HIGH PATCH This Week

IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow a remote attacker to execute arbitrary commands on the system in the context of root user, caused by improper validation of user-supplied. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

IBM Information Disclosure Spectrum Protect Plus
NVD
CVSS 3.1
8.8
EPSS
4.6%
CVE-2019-4652 HIGH This Week

IBM Spectrum Protect Plus 10.1.0 through 10.1.4 uses insecure file permissions on restored files and directories in Windows which could allow a local user to obtain sensitive information or perform. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation IBM Microsoft Spectrum Protect Plus
NVD
CVSS 3.1
7.1
EPSS
0.3%
CVE-2019-4383 MEDIUM PATCH This Month

When using IBM Spectrum Protect Plus 10.1.0, 10.1.2, and 10.1.3 to protect Oracle or MongoDB databases, a redirected restore operation may result in an escalation of user privileges. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity.

Privilege Escalation IBM Oracle Spectrum Protect Plus
NVD
CVSS 3.1
6.7
EPSS
0.4%
CVE-2019-4357 MEDIUM This Month

When using IBM Spectrum Protect Plus 10.1.0, 10.1.2, and 10.1.3 to protect Oracle, DB2 or MongoDB databases, a redirected restore operation specifying a target path may allow execution of arbitrary. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

IBM RCE Oracle Spectrum Protect Plus
NVD
CVSS 3.1
6.7
EPSS
0.5%
CVE-2019-4385 MEDIUM PATCH This Month

IBM Spectrum Protect Plus 10.1.2 may display the vSnap CIFS password in the IBM Spectrum Protect Plus Joblog. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. This Insufficiently Protected Credentials vulnerability could allow attackers to obtain user credentials due to weak protection mechanisms.

IBM Information Disclosure Spectrum Protect Plus
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2018-1768 HIGH PATCH This Week

IBM Spectrum Protect Plus 10.1.0 and 10.1.1 could disclose sensitive information when an authorized user executes a test operation, the user id an password may be displayed in plain text within an. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

IBM Information Disclosure Spectrum Protect Plus
NVD
CVSS 3.0
7.8
EPSS
0.4%
EPSS 2% CVSS 7.5
HIGH This Week

IBM Spectrum Protect Plus 10.1.6 through 10.1.11 Microsoft File Systems restore operation can download any file on the target machine by manipulating the URL with a directory traversal attack. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft IBM Path Traversal +1
NVD
EPSS 0% CVSS 5.9
MEDIUM This Month

Versions of IBM Spectrum Protect Plus prior to 10.1.12 (excluding 10.1.12) include the private key information for a certificate inside the generated .crt file when uploading a TLS certificate to IBM. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure IBM Spectrum Protect Plus
NVD
EPSS 1% CVSS 7.5
HIGH This Week

Credentials are printed in clear text in the IBM Spectrum Protect Plus 10.1.0.0 through 10.1.9.3 virgo log file in certain cases. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Spectrum Protect Plus
NVD
EPSS 1% CVSS 7.5
HIGH This Week

IBM Spectrum Protect Plus 10.1.0.0 through 10.1.9.2 and IBM Spectrum Copy Data Management 2.2.0.0 through 2.2.14.3 do not limit the length of a connection which could allow for a Slowloris HTTP. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service IBM Spectrum Copy Data Management +1
NVD
EPSS 1% CVSS 9.1
CRITICAL PATCH Act Now

IBM Spectrum Protect Plus 10.1.0.0 through 10.1.8.x uses Cross-Origin Resource Sharing (CORS) which could allow an attacker to carry out privileged actions and retrieve sensitive information due to a. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Spectrum Protect Plus
NVD
EPSS 0% CVSS 8.1
HIGH PATCH This Week

IBM Spectrum Protect Plus 10.1.0.0 through 10.1.8.x is vulnerable to server-side request forgery (SSRF). Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity.

IBM SSRF Spectrum Protect Plus
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

IBM Spectrum Protect Plus 10.1.0 through 10.1.8 could allow a local user to cause a denial of service due to insecure file permission settings. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service IBM Privilege Escalation +1
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

IBM Spectrum Protect Plus 10.1.0 through 10.1.7 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Spectrum Protect Plus
NVD
EPSS 0% CVSS 6.2
MEDIUM This Month

IBM Spectrum Protect Plus File Systems Agent 10.1.6 and 10.1.7 stores potentially sensitive information in log files that could be read by a local user. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Spectrum Protect Plus
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

IBM Spectrum Protect Plus 10.1.0 through 10.1.7 uses Cross-Origin Resource Sharing (CORS) which could allow an attacker to carry out privileged actions and retrieve sensitive information as the. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Spectrum Protect Plus
NVD
EPSS 2% CVSS 9.8
CRITICAL POC PATCH Act Now

IBM Spectrum Protect Plus 10.1.0 thorugh 10.1.6 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

IBM Authentication Bypass Spectrum Protect Plus
NVD
EPSS 1% CVSS 5.9
MEDIUM PATCH This Month

IBM Spectrum Protect Plus 10.1.0 through 10.1.6 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

IBM Authentication Bypass Spectrum Protect Plus
NVD
EPSS 3% CVSS 6.5
MEDIUM PATCH This Month

IBM Spectrum Protect Plus 10.1.0 through 10.1.6 could allow a remote attacker to traverse directories on the system. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

IBM Path Traversal Spectrum Protect Plus
NVD
EPSS 2% CVSS 8.0
HIGH PATCH This Week

IBM Spectrum Protect Plus 10.1.0 through 10.1.6 Administrative Console could allow an authenticated attacker to upload arbitrary files which could be execute arbitrary code on the vulnerable server. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

File Upload RCE IBM +1
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

IBM Spectrum Protect Plus 10.1.0 through 10.1.6 agent files, in non-default configurations, on Windows are assigned access to everyone with full control permissions, which could allow a local user to. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Incorrect Permission Assignment vulnerability could allow attackers to access resources due to misconfigured permissions.

IBM Microsoft Information Disclosure +1
NVD
EPSS 1% CVSS 5.9
MEDIUM This Month

IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow an attacker to obtain sensitive information due to insecure communications being used between the application and server. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

IBM Information Disclosure Spectrum Protect Plus
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

IBM Spectrum Protect Plus 10.1.0 through 10.1.5 discloses highly sensitive information in plain text in the virgo log file which could be used in further attacks against the system. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

IBM Information Disclosure Spectrum Protect Plus
NVD
EPSS 3% CVSS 6.5
MEDIUM PATCH This Month

IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow an unauthenticated attacker to cause a denial of service or hijack DNS sessions by send a specially crafted HTTP command to the remote. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authentication for Critical Function vulnerability could allow attackers to access critical functionality without authentication.

Denial Of Service IBM Authentication Bypass +1
NVD
EPSS 2% CVSS 8.0
HIGH PATCH This Week

IBM Spectrum Protect Plus 10.1.0 through 10.1.5 Administrative Console could allow an authenticated attacker to upload arbitrary files which could be execute arbitrary code on the vulnerable server. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

File Upload RCE IBM +1
NVD
EPSS 13% CVSS 9.8
CRITICAL PATCH Act Now

IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow a remote attacker to execute arbitrary code on the system. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

RCE IBM Command Injection +1
NVD
EPSS 2% CVSS 9.8
CRITICAL PATCH Act Now

IBM Spectrum Protect Plus 10.1.0 through 10.1.5 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use of Hard-coded Credentials vulnerability could allow attackers to gain access using credentials embedded in source code.

IBM Authentication Bypass Spectrum Protect Plus
NVD
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow a remote attacker to traverse directories on the system. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

IBM Path Traversal Spectrum Protect Plus
NVD
EPSS 5% CVSS 8.8
HIGH PATCH This Week

IBM Spectrum Scale and IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow a remote authenticated attacker to execute arbitrary commands on the system. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

IBM Command Injection Spectrum Protect Plus +1
NVD
EPSS 66% CVSS 8.8
HIGH PATCH This Week

IBM Spectrum Scale and IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow a remote authenticated attacker to execute arbitrary commands on the system. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

IBM Command Injection Spectrum Protect Plus +1
NVD
EPSS 2% CVSS 6.5
MEDIUM PATCH This Month

IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow a remote attacker to traverse directories on the system. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

IBM Path Traversal Spectrum Protect Plus
NVD
EPSS 2% CVSS 7.5
HIGH PATCH This Week

IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow a remote attacker to arbitrary delete a directory caused by improper validation of user-supplied input. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Spectrum Protect Plus
NVD
EPSS 2% CVSS 9.8
CRITICAL PATCH Act Now

IBM Spectrum Protect Plus 10.1.0 through 10.1.5 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use of Hard-coded Credentials vulnerability could allow attackers to gain access using credentials embedded in source code.

IBM Authentication Bypass Spectrum Protect Plus
NVD
EPSS 5% CVSS 8.8
HIGH PATCH This Week

IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow a remote attacker to execute arbitrary commands on the system in the context of root user, caused by improper validation of user-supplied. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

IBM Information Disclosure Spectrum Protect Plus
NVD
EPSS 0% CVSS 7.1
HIGH This Week

IBM Spectrum Protect Plus 10.1.0 through 10.1.4 uses insecure file permissions on restored files and directories in Windows which could allow a local user to obtain sensitive information or perform. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation IBM Microsoft +1
NVD
EPSS 0% CVSS 6.7
MEDIUM PATCH This Month

When using IBM Spectrum Protect Plus 10.1.0, 10.1.2, and 10.1.3 to protect Oracle or MongoDB databases, a redirected restore operation may result in an escalation of user privileges. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity.

Privilege Escalation IBM Oracle +1
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

When using IBM Spectrum Protect Plus 10.1.0, 10.1.2, and 10.1.3 to protect Oracle, DB2 or MongoDB databases, a redirected restore operation specifying a target path may allow execution of arbitrary. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

IBM RCE Oracle +1
NVD
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

IBM Spectrum Protect Plus 10.1.2 may display the vSnap CIFS password in the IBM Spectrum Protect Plus Joblog. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. This Insufficiently Protected Credentials vulnerability could allow attackers to obtain user credentials due to weak protection mechanisms.

IBM Information Disclosure Spectrum Protect Plus
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

IBM Spectrum Protect Plus 10.1.0 and 10.1.1 could disclose sensitive information when an authorized user executes a test operation, the user id an password may be displayed in plain text within an. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

IBM Information Disclosure Spectrum Protect Plus
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy