Ibm Spectrum_protect_plus

44 CVEs affecting Ibm Spectrum_protect_plus. Latest disclosed: 2024-02-02. Critical: 5, High: 14.

Top CVEs affecting Ibm Spectrum_protect_plus
CVESeverityScorePublishedSummary
CVE-2020-4854Critical9.82020-11-23IBM Spectrum Protect Plus 10.1.0 thorugh 10.1.6 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound aut…
CVE-2020-4469Critical9.82020-06-15IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow a remote attacker to execute arbitrary code on the system. By using a specially crafted HTTP comman…
CVE-2020-4216Critical9.82020-06-15IBM Spectrum Protect Plus 10.1.0 through 10.1.5 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound aut…
CVE-2020-4208Critical9.82020-03-31IBM Spectrum Protect Plus 10.1.0 through 10.1.5 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound aut…
CVE-2021-39063Critical9.12021-12-13IBM Spectrum Protect Plus 10.1.0.0 through 10.1.8.x uses Cross-Origin Resource Sharing (CORS) which could allow an attacker to carry out privileged actions and…
CVE-2020-4242High8.82020-03-31IBM Spectrum Scale and IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow a remote authenticated attacker to execute arbitrary commands on the system…
CVE-2020-4241High8.82020-03-31IBM Spectrum Scale and IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow a remote authenticated attacker to execute arbitrary commands on the system…
CVE-2020-4206High8.82020-03-31IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow a remote attacker to execute arbitrary commands on the system in the context of root user, caused b…
CVE-2021-39057High8.12021-12-13IBM Spectrum Protect Plus 10.1.0.0 through 10.1.8.x is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unaut…
CVE-2020-4703High8.02020-09-15IBM Spectrum Protect Plus 10.1.0 through 10.1.6 Administrative Console could allow an authenticated attacker to upload arbitrary files which could be execute a…
CVE-2020-4470High8.02020-06-15IBM Spectrum Protect Plus 10.1.0 through 10.1.5 Administrative Console could allow an authenticated attacker to upload arbitrary files which could be execute a…
CVE-2022-40608High7.52022-09-19IBM Spectrum Protect Plus 10.1.6 through 10.1.11 Microsoft File Systems restore operation can download any file on the target machine by manipulating the URL w…
CVE-2022-22396High7.52022-06-06Credentials are printed in clear text in the IBM Spectrum Protect Plus 10.1.0.0 through 10.1.9.3 virgo log file in certain cases. Credentials could be the remo…
CVE-2022-22354High7.52022-03-14IBM Spectrum Protect Plus 10.1.0.0 through 10.1.9.2 and IBM Spectrum Copy Data Management 2.2.0.0 through 2.2.14.3 do not limit the length of a connection whic…
CVE-2021-29694High7.52021-04-26IBM Spectrum Protect Plus 10.1.0 through 10.1.7 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive inf…
CVE-2020-5023High7.52021-02-10IBM Spectrum Protect Plus 10.1.0 through 10.1.7 could allow a remote user to inject arbitrary data iwhich could cause the serivce to crash due to excess resour…
CVE-2020-5018High7.52021-01-08IBM Spectrum Protect Plus 10.1.0 through 10.1.6 may include sensitive information in its URLs increasing the risk of such information being caputured by an att…
CVE-2020-4214High7.52020-03-31IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow a remote attacker to arbitrary delete a directory caused by improper validation of user-supplied in…
CVE-2019-4652High7.12019-11-12IBM Spectrum Protect Plus 10.1.0 through 10.1.4 uses insecure file permissions on restored files and directories in Windows which could allow a local user to o…
CVE-2020-4497Medium6.82022-12-14 IBM Spectrum Protect Plus 10.1.0 through 10.1.12 discloses sensitive information due to unencrypted data being used in the communication flow between Spectrum…