Spectrum Protect

spectrum_protect

Vendor: Ibm • 18 CVEs

CVEs (18)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2023-27863 1Ibm 1Spectrum Protect Nov 21, 2024 May 12, 2023 N/A· v4 4.9 MEDIUM· v3 N/A· v2 IBM Spectrum Protect Plus Server 10.1.13, under specific configurations, could allow an elevated user to obtain SMB credentials that may be used to access vSnap data stores. IBM X-Force ID: 249325.
CVE-2022-22484 1Ibm 1Spectrum Protect Nov 21, 2024 May 17, 2022 N/A· v4 5.5 MEDIUM· v3 2.1 LOW· v2 IBM Spectrum Protect Operations Center 8.1.12 and 8.1.13 could allow a local attacker to obtain sensitive information, caused by plain text user account passwords potentially being stored in the browser's application com...Show more IBM Spectrum Protect Operations Center 8.1.12 and 8.1.13 could allow a local attacker to obtain sensitive information, caused by plain text user account passwords potentially being stored in the browser's application command history. By accessing browser history, an attacker could exploit this vulnerability to obtain other user accounts' passwords. IBM X-Force ID: 226322.Show less
CVE-2022-22394 1Ibm 1Spectrum Protect Nov 21, 2024 Mar 21, 2022 N/A· v4 8.8 HIGH· v3 9.0 HIGH· v2 The IBM Spectrum Protect 8.1.14.000 server could allow a remote attacker to bypass security restrictions, caused by improper enforcement of access controls. By signing in, an attacker could exploit this vulnerability to...Show more The IBM Spectrum Protect 8.1.14.000 server could allow a remote attacker to bypass security restrictions, caused by improper enforcement of access controls. By signing in, an attacker could exploit this vulnerability to bypass security and gain unauthorized administrator or node access to the vulnerable server.Show less
CVE-2021-20491 1Ibm 1Spectrum Protect Nov 21, 2024 Apr 16, 2021 N/A· v4 4.4 MEDIUM· v3 2.1 LOW· v2 IBM Spectrum Protect Server 7.1 and 8.1 is subject to a stack-based buffer overflow caused by improper bounds checking during the parsing of commands. By issuing such a command with an improper parameter, an authorized a...Show more IBM Spectrum Protect Server 7.1 and 8.1 is subject to a stack-based buffer overflow caused by improper bounds checking during the parsing of commands. By issuing such a command with an improper parameter, an authorized administrator could overflow a buffer and cause the server to crash. IBM X-Force ID: 197792.Show less
CVE-2020-5017 1Ibm 1Spectrum Protect Nov 21, 2024 Jan 8, 2021 N/A· v4 5.5 MEDIUM· v3 2.1 LOW· v2 IBM Spectrum Protect Plus 10.1.0 through 10.1.6 may allow a local user to obtain access to information beyond their intended role and permissions. IBM X-Force ID: 193653.
CVE-2020-4559 1Ibm 1Spectrum Protect Nov 21, 2024 Aug 28, 2020 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 IBM Spectrum Protect 7.1 and 8.1 could allow an attacker to cause a denial of service due ti improper validation of user-supplied input. IBM X-Force ID: 183613.
CVE-2020-4415 1Ibm 1Spectrum Protect Nov 21, 2024 Apr 23, 2020 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 IBM Spectrum Protect 7.1 and 8.1 server is vulnerable to a stack-based buffer overflow, caused by improper bounds checking. This could allow a remote attacker to execute arbitrary code on the system with the privileges o...Show more IBM Spectrum Protect 7.1 and 8.1 server is vulnerable to a stack-based buffer overflow, caused by improper bounds checking. This could allow a remote attacker to execute arbitrary code on the system with the privileges of an administrator or user associated with the Spectrum Protect server or cause the Spectrum Protect server to crash. IBM X-Force ID: 179990.Show less
CVE-2020-4222 1Ibm 1Spectrum Protect Nov 21, 2024 Feb 24, 2020 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 IBM Spectrum Protect Plus 10.1.0 and 10.1.5 could allow a remote attacker to execute arbitrary code on the system. By using a specially crafted HTTP command, an attacker could exploit this vulnerability to execute arbitr...Show more IBM Spectrum Protect Plus 10.1.0 and 10.1.5 could allow a remote attacker to execute arbitrary code on the system. By using a specially crafted HTTP command, an attacker could exploit this vulnerability to execute arbitrary command on the system. IBM X-Force ID: 175091.Show less
CVE-2020-4213 1Ibm 1Spectrum Protect Nov 21, 2024 Feb 24, 2020 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 IBM Spectrum Protect Plus 10.1.0 and 10.1.5 could allow a remote attacker to execute arbitrary code on the system. By using a specially crafted HTTP command, an attacker could exploit this vulnerability to execute arbitr...Show more IBM Spectrum Protect Plus 10.1.0 and 10.1.5 could allow a remote attacker to execute arbitrary code on the system. By using a specially crafted HTTP command, an attacker could exploit this vulnerability to execute arbitrary command on the system. IBM X-Force ID: 175024.Show less
CVE-2020-4212 1Ibm 1Spectrum Protect Nov 21, 2024 Feb 24, 2020 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 IBM Spectrum Protect Plus 10.1.0 and 10.1.5 could allow a remote attacker to execute arbitrary code on the system. By using a specially crafted HTTP command, an attacker could exploit this vulnerability to execute arbitr...Show more IBM Spectrum Protect Plus 10.1.0 and 10.1.5 could allow a remote attacker to execute arbitrary code on the system. By using a specially crafted HTTP command, an attacker could exploit this vulnerability to execute arbitrary command on the system. IBM X-Force ID: 175023.Show less
CVE-2020-4211 1Ibm 1Spectrum Protect Nov 21, 2024 Feb 24, 2020 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 IBM Spectrum Protect Plus 10.1.0 and 10.1.5 could allow a remote attacker to execute arbitrary code on the system. By using a specially crafted HTTP command, an attacker could exploit this vulnerability to execute arbitr...Show more IBM Spectrum Protect Plus 10.1.0 and 10.1.5 could allow a remote attacker to execute arbitrary code on the system. By using a specially crafted HTTP command, an attacker could exploit this vulnerability to execute arbitrary command on the system. IBM X-Force ID: 175022.Show less
CVE-2020-4210 1Ibm 1Spectrum Protect Nov 21, 2024 Feb 24, 2020 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 IBM Spectrum Protect Plus 10.1.0 and 10.1.5 could allow a remote attacker to execute arbitrary code on the system. By using a specially crafted HTTP command, an attacker could exploit this vulnerability to execute arbitr...Show more IBM Spectrum Protect Plus 10.1.0 and 10.1.5 could allow a remote attacker to execute arbitrary code on the system. By using a specially crafted HTTP command, an attacker could exploit this vulnerability to execute arbitrary command on the system. IBM X-Force ID: 175020.Show less
CVE-2018-2025 1Ibm 2Spectrum Protect Spectrum Protect For Virtual Environments Nov 21, 2024 Nov 25, 2019 N/A· v4 4.4 MEDIUM· v3 3.6 LOW· v2 IBM Spectrum Protect Backup-Archive Client and IBM Spectrum Protect for Virtual Environments 7.1 and 8.1 creates directories/files in the CIT sub directory that are read/writable by everyone. IBM X-Force ID: 155551.
CVE-2019-4267 1Ibm 1Spectrum Protect Nov 21, 2024 Jul 22, 2019 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 The IBM Spectrum Protect 7.1 and 8.1 Backup-Archive Client is vulnerable to a buffer overflow. This could allow execution of arbitrary code on the local system or the application to crash. IBM X-Force ID: 160200.
CVE-2019-4236 1Ibm 1Spectrum Protect Nov 21, 2024 Jul 22, 2019 N/A· v4 4.4 MEDIUM· v3 3.6 LOW· v2 A IBM Spectrum Protect 7.l client backup or archive operation running for an HP-UX VxFS object is silently skipping Access Control List (ACL) entries from backup or archive if there are more than twelve ACL entries assoc...Show more A IBM Spectrum Protect 7.l client backup or archive operation running for an HP-UX VxFS object is silently skipping Access Control List (ACL) entries from backup or archive if there are more than twelve ACL entries associated with the object in total. As a result, it could allow a local attacker to restore or retrieve the object with incorrect ACL entries. IBM X-Force ID: 159418.Show less
CVE-2019-4140 1Ibm 1Spectrum Protect Nov 21, 2024 Jul 2, 2019 N/A· v4 7.1 HIGH· v3 3.6 LOW· v2 IBM Tivoli Storage Manager Server (IBM Spectrum Protect 7.1 and 8.1) could allow a local user to replace existing databases by restoring old data. IBM X-Force ID: 158336.
CVE-2019-4093 1Ibm 1Spectrum Protect Nov 21, 2024 Apr 2, 2019 N/A· v4 4.4 MEDIUM· v3 3.6 LOW· v2 IBM Tivoli Storage Manager (IBM Spectrum Protect 8.1.7) could allow a user to restore files and directories using IBM Spectrum Prootect Client Web User Interface on Windows that they should not have access to due to inco...Show more IBM Tivoli Storage Manager (IBM Spectrum Protect 8.1.7) could allow a user to restore files and directories using IBM Spectrum Prootect Client Web User Interface on Windows that they should not have access to due to incorrect file permissions. IBM X-Force ID: 157981.Show less
CVE-2018-1786 1Ibm 6Spectrum Protect Spectrum Protect For Virtual Environments Data Protection For Hyper VSpectrum Protect Manager For Virtual Environments Data Protection For Vmware+3 more Nov 21, 2024 Nov 12, 2018 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 IBM Spectrum Protect 7.1 and 8.1 dsmc and dsmcad processes incorrectly accumulate TCP/IP sockets in a CLOSE_WAIT state. This can cause TCP/IP resource leakage and may result in a denial of service. IBM X-Force ID: 148871...Show more IBM Spectrum Protect 7.1 and 8.1 dsmc and dsmcad processes incorrectly accumulate TCP/IP sockets in a CLOSE_WAIT state. This can cause TCP/IP resource leakage and may result in a denial of service. IBM X-Force ID: 148871.Show less