Vulnerabilities > IBM > Spectrum Copy Data Management
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-12-13 | CVE-2021-38947 | Inadequate Encryption Strength vulnerability in IBM Spectrum Copy Data Management 2.2.0.0/2.2.13 IBM Spectrum Copy Data Management 2.2.13 and earlier uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | 7.5 |
| 2021-12-13 | CVE-2021-39052 | Unspecified vulnerability in IBM Spectrum Copy Data Management 2.2.0.0/2.2.13 IBM Spectrum Copy Data Management 2.2.13 and earlier could allow a remote attacker to access the Spring Boot console without authorization. | 9.8 |
| 2021-12-13 | CVE-2021-39053 | Unspecified vulnerability in IBM Spectrum Copy Data Management 2.2.0.0/2.2.13 IBM Spectrum Copy Data Management 2.2.13 and earlier could allow a remote attacker to obtain sensitive information, caused by the improper handling of requests for Spectrum Copy Data Management Admin Console. | 7.5 |
| 2021-12-13 | CVE-2021-39054 | Improper Restriction of Rendered UI Layers or Frames vulnerability in IBM Spectrum Copy Data Management 2.2.0.0/2.2.13 IBM Spectrum Copy Data Management 2.2.13 and earlier could allow a remote attacker to hijack the clicking action of the victim. | 5.4 |
| 2021-12-13 | CVE-2021-39058 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in IBM Spectrum Copy Data Management 2.2.0.0/2.2.13 IBM Spectrum Copy Data Management 2.2.13 and earlier uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | 7.5 |
| 2021-12-13 | CVE-2021-39064 | Improper Authentication vulnerability in IBM Spectrum Copy Data Management 2.2.0.0/2.2.13 IBM Spectrum Copy Data Management 2.2.13 and earlier has weak authentication and password rules and incorrectly handles default credentials for the Spectrum Copy Data Management Admin console. | 7.5 |
| 2021-12-13 | CVE-2021-39065 | OS Command Injection vulnerability in IBM Spectrum Copy Data Management 2.2.0.0/2.2.13 IBM Spectrum Copy Data Management 2.2.13 and earlier could allow a remote attacker to execute arbitrary commands on the system, caused by improper validation of user-supplied input by the Spectrum Copy Data Management Admin Console login and uploadcertificate function . | 9.8 |