Skip to main content

Spectrum Protect Server

5 CVEs product

Monthly

CVE-2025-3319 HIGH This Week

CVE-2025-3319 is an authentication bypass vulnerability in IBM Spectrum Protect Server versions 8.1 through 8.1.26 caused by improper session authentication mechanisms. This flaw allows unauthenticated network attackers to bypass authentication and gain unauthorized access to protected resources, potentially compromising backup and recovery infrastructure. With a CVSS score of 8.1 (High) and network-based attack vector, this vulnerability poses significant risk to organizations relying on Spectrum Protect for data protection.

IBM Authentication Bypass Spectrum Protect Server
NVD
CVSS 3.1
8.1
EPSS
0.0%
CVE-2022-22496 MEDIUM PATCH This Month

While a user account for the IBM Spectrum Protect Server 8.1.0.000 through 8.1.14 is being established, it may be configured to use SESSIONSECURITY=TRANSITIONAL. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity.

IBM Information Disclosure Spectrum Protect Server
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2022-22487 CRITICAL PATCH Act Now

An IBM Spectrum Protect storage agent could allow a remote attacker to perform a brute force attack by allowing unlimited attempts to login to the storage agent without locking the administrative ID. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass IBM Spectrum Protect Server
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2020-4591 LOW PATCH Monitor

IBM Spectrum Protect Server 8.1.0.000 through 8.1.10.000 could disclose sensitive information in nondefault settings due to occasionally not encrypting the second chunk of an object in an encrypted. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity.

IBM Information Disclosure Spectrum Protect Server
NVD
CVSS 3.1
3.3
EPSS
0.2%
CVE-2018-1788 MEDIUM PATCH This Month

IBM Spectrum Protect Server 7.1 and 8.1 could disclose highly sensitive information via trace logs to a local privileged user. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity.

IBM Information Disclosure Spectrum Protect Server
NVD
CVSS 3.0
4.4
EPSS
0.4%
EPSS 0% CVSS 8.1
HIGH This Week

CVE-2025-3319 is an authentication bypass vulnerability in IBM Spectrum Protect Server versions 8.1 through 8.1.26 caused by improper session authentication mechanisms. This flaw allows unauthenticated network attackers to bypass authentication and gain unauthorized access to protected resources, potentially compromising backup and recovery infrastructure. With a CVSS score of 8.1 (High) and network-based attack vector, this vulnerability poses significant risk to organizations relying on Spectrum Protect for data protection.

IBM Authentication Bypass Spectrum Protect Server
NVD
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

While a user account for the IBM Spectrum Protect Server 8.1.0.000 through 8.1.14 is being established, it may be configured to use SESSIONSECURITY=TRANSITIONAL. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity.

IBM Information Disclosure Spectrum Protect Server
NVD
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

An IBM Spectrum Protect storage agent could allow a remote attacker to perform a brute force attack by allowing unlimited attempts to login to the storage agent without locking the administrative ID. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass IBM Spectrum Protect Server
NVD
EPSS 0% CVSS 3.3
LOW PATCH Monitor

IBM Spectrum Protect Server 8.1.0.000 through 8.1.10.000 could disclose sensitive information in nondefault settings due to occasionally not encrypting the second chunk of an object in an encrypted. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity.

IBM Information Disclosure Spectrum Protect Server
NVD
EPSS 0% CVSS 4.4
MEDIUM PATCH This Month

IBM Spectrum Protect Server 7.1 and 8.1 could disclose highly sensitive information via trace logs to a local privileged user. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity.

IBM Information Disclosure Spectrum Protect Server
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy