Vulnerabilities > IBM > Spectrum Protect
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-05-12 | CVE-2023-27863 | Unspecified vulnerability in IBM Spectrum Protect 10.1.13 IBM Spectrum Protect Plus Server 10.1.13, under specific configurations, could allow an elevated user to obtain SMB credentials that may be used to access vSnap data stores. | 4.9 |
| 2022-05-17 | CVE-2022-22484 | Cleartext Storage of Sensitive Information vulnerability in IBM Spectrum Protect IBM Spectrum Protect Operations Center 8.1.12 and 8.1.13 could allow a local attacker to obtain sensitive information, caused by plain text user account passwords potentially being stored in the browser's application command history. | 5.5 |
| 2022-03-21 | CVE-2022-22394 | Unspecified vulnerability in IBM Spectrum Protect 8.1.14.100 The IBM Spectrum Protect 8.1.14.000 server could allow a remote attacker to bypass security restrictions, caused by improper enforcement of access controls. | 8.8 |
| 2021-04-16 | CVE-2021-20491 | Out-of-bounds Write vulnerability in IBM Spectrum Protect IBM Spectrum Protect Server 7.1 and 8.1 is subject to a stack-based buffer overflow caused by improper bounds checking during the parsing of commands. | 4.4 |
| 2021-01-08 | CVE-2020-5017 | Unspecified vulnerability in IBM Spectrum Protect 10.1.0/10.1.5/10.1.6 IBM Spectrum Protect Plus 10.1.0 through 10.1.6 may allow a local user to obtain access to information beyond their intended role and permissions. | 5.5 |
| 2020-08-28 | CVE-2020-4559 | Improper Input Validation vulnerability in IBM Spectrum Protect IBM Spectrum Protect 7.1 and 8.1 could allow an attacker to cause a denial of service due ti improper validation of user-supplied input. | 7.5 |
| 2020-04-23 | CVE-2020-4415 | Out-of-bounds Write vulnerability in IBM Spectrum Protect IBM Spectrum Protect 7.1 and 8.1 server is vulnerable to a stack-based buffer overflow, caused by improper bounds checking. | 9.8 |
| 2020-02-24 | CVE-2020-4222 | OS Command Injection vulnerability in IBM Spectrum Protect 10.1.0/10.1.5 IBM Spectrum Protect Plus 10.1.0 and 10.1.5 could allow a remote attacker to execute arbitrary code on the system. | 9.8 |
| 2020-02-24 | CVE-2020-4213 | OS Command Injection vulnerability in IBM Spectrum Protect 10.1.0/10.1.5 IBM Spectrum Protect Plus 10.1.0 and 10.1.5 could allow a remote attacker to execute arbitrary code on the system. | 9.8 |
| 2020-02-24 | CVE-2020-4212 | Improper Input Validation vulnerability in IBM Spectrum Protect 10.1.0/10.1.5 IBM Spectrum Protect Plus 10.1.0 and 10.1.5 could allow a remote attacker to execute arbitrary code on the system. | 9.8 |