Vulnerabilities > IBM > Spectrum Copy Data Management

DATE CVE VULNERABILITY TITLE RISK
2022-08-26 CVE-2021-3669 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
A flaw was found in the Linux kernel.
local
low complexity
linux ibm debian fedoraproject redhat CWE-770
5.5
5.5
2022-06-10 CVE-2022-22426 Unspecified vulnerability in IBM Spectrum Copy Data Management
IBM Spectrum Copy Data Management Admin 2.2.0.0 through 2.2.15.0 could allow a local attacker to bypass authentication restrictions, caused by the lack of proper session management.
local
low complexity
ibm
3.3
3.3
2022-06-10 CVE-2022-22479 Cross-Site Request Forgery (CSRF) vulnerability in IBM Spectrum Copy Data Management
IBM Spectrum Copy Data Management 2.2.0.0through 2.2.15.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.
network
low complexity
ibm CWE-352
8.8
8.8
2022-06-10 CVE-2022-30610 Improper Privilege Management vulnerability in IBM Spectrum Copy Data Management
IBM Spectrum Copy Data Management 2.2.0.0 through 2.2.15.0 is vulnerable to reverse tabnabbing where it could allow a page linked to from within IBM Spectrum Copy Data Management to rewrite it.
network
low complexity
ibm CWE-269
4.5
4.5
2022-06-10 CVE-2022-30611 Cross-site Scripting vulnerability in IBM Spectrum Copy Data Management
IBM Spectrum Copy Data Management 2.2.0.0 through 2.2.15.0 is vulnerable to cross-site scripting, caused by improper validation of user-supplied input.
network
low complexity
ibm CWE-79
5.4
5.4
2022-06-10 CVE-2022-31769 Unspecified vulnerability in IBM Spectrum Copy Data Management
IBM Spectrum Copy Data Management 2.2.0.0 through 2.2.15.0 could allow a remote attacker to view product configuration information stored in PostgreSQL, which could be used in further attacks against the system.
network
low complexity
ibm
5.3
5.3
2022-03-14 CVE-2021-39051 Server-Side Request Forgery (SSRF) vulnerability in IBM Spectrum Copy Data Management
IBM Spectrum Copy Data Management 2.2.0.0 through 2.2.14.3 is vulnerable to server-side request forgery, caused by improper input of application server registration function.
network
low complexity
ibm CWE-918
6.5
6.5
2022-03-14 CVE-2021-39055 Cross-site Scripting vulnerability in IBM Spectrum Copy Data Management
IBM Spectrum Copy Data Management 2.2.0.0 through 2.2.14.3 is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
5.4
5.4
2022-03-14 CVE-2022-22344 Injection vulnerability in IBM Spectrum Copy Data Management
IBM Spectrum Copy Data Management 2.2.0.0 through 2.2.14.3 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers.
network
low complexity
ibm CWE-74
6.1
6.1
2022-03-14 CVE-2022-22354 Unspecified vulnerability in IBM products
IBM Spectrum Protect Plus 10.1.0.0 through 10.1.9.2 and IBM Spectrum Copy Data Management 2.2.0.0 through 2.2.14.3 do not limit the length of a connection which could allow for a Slowloris HTTP denial of service attack to take place.
network
low complexity
ibm
7.5
7.5