Vulnerabilities > IBM > Spectrum Copy Data Management
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-12-13 | CVE-2021-38947 | Inadequate Encryption Strength vulnerability in IBM Spectrum Copy Data Management IBM Spectrum Copy Data Management 2.2.13 and earlier uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | 5.0 |
| 2021-12-13 | CVE-2021-39052 | Unspecified vulnerability in IBM Spectrum Copy Data Management 2.2.0.0/2.2.13 IBM Spectrum Copy Data Management 2.2.13 and earlier could allow a remote attacker to access the Spring Boot console without authorization. | 7.5 |
| 2021-12-13 | CVE-2021-39053 | Unspecified vulnerability in IBM Spectrum Copy Data Management IBM Spectrum Copy Data Management 2.2.13 and earlier could allow a remote attacker to obtain sensitive information, caused by the improper handling of requests for Spectrum Copy Data Management Admin Console. | 5.0 |
| 2021-12-13 | CVE-2021-39054 | Improper Restriction of Rendered UI Layers or Frames vulnerability in IBM Spectrum Copy Data Management IBM Spectrum Copy Data Management 2.2.13 and earlier could allow a remote attacker to hijack the clicking action of the victim. | 3.5 |
| 2021-12-13 | CVE-2021-39058 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in IBM Spectrum Copy Data Management IBM Spectrum Copy Data Management 2.2.13 and earlier uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | 5.0 |
| 2021-12-13 | CVE-2021-39064 | Improper Authentication vulnerability in IBM Spectrum Copy Data Management 2.2.0.0/2.2.13 IBM Spectrum Copy Data Management 2.2.13 and earlier has weak authentication and password rules and incorrectly handles default credentials for the Spectrum Copy Data Management Admin console. | 7.5 |
| 2021-12-13 | CVE-2021-39065 | OS Command Injection vulnerability in IBM Spectrum Copy Data Management 2.2.0.0/2.2.13 IBM Spectrum Copy Data Management 2.2.13 and earlier could allow a remote attacker to execute arbitrary commands on the system, caused by improper validation of user-supplied input by the Spectrum Copy Data Management Admin Console login and uploadcertificate function . | 10.0 |