Vulnerabilities > IBM > Spectrum Protect Client

DATE CVE VULNERABILITY TITLE RISK
2023-07-19 CVE-2023-33832 Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in IBM products
IBM Spectrum Protect 8.1.0.0 through 8.1.17.0 could allow a local user to cause a denial of service due to due to improper time-of-check to time-of-use functionality.
local
high complexity
ibm CWE-367
4.7
4.7
2022-06-30 CVE-2022-22474 Unspecified vulnerability in IBM Spectrum Protect Client
IBM Spectrum Protect 8.1.0.0 through 8.1.14.0 dsmcad, dsmc, and dsmcsvc processes incorrectly handle certain read operations on TCP/IP sockets.
network
low complexity
ibm
7.5
7.5
2022-06-30 CVE-2022-22478 Cleartext Storage of Sensitive Information vulnerability in IBM Spectrum Protect Client
IBM Spectrum Protect Client 8.1.0.0 through 8.1.14.0 stores user credentials in plain clear text which can be read by a local user.
local
low complexity
ibm CWE-312
5.5
5.5
2021-04-26 CVE-2021-20546 Out-of-bounds Write vulnerability in IBM products
IBM Spectrum Protect Client 8.1.0.0 through 8.1.11.0 is vulnerable to a stack-based buffer overflow, caused by improper bounds checking.
local
low complexity
ibm CWE-787
5.5
5.5
2021-04-26 CVE-2021-29672 Out-of-bounds Write vulnerability in IBM products
IBM Spectrum Protect Client 8.1.0.0-8 through 1.11.0 is vulnerable to a stack-based buffer overflow, caused by improper bounds checking when processing the current locale settings.
local
low complexity
ibm CWE-787
7.8
7.8
2020-06-15 CVE-2020-4494 Improper Authentication vulnerability in IBM products
IBM Spectrum Protect Client 8.1.7.0 through 8.1.9.1 (Linux and Windows), 8.1.9.0 trough 8.1.9.1 (AIX) and IBM Spectrum Protect for Space Management 8.1.7.0 through 8.1.9.1 (Linux), 8.1.9.0 through 8.1.9.1 (AIX) web user interfaces could allow an attacker to bypass authentication due to improper session validation which can result in access to unauthorized resources.
network
low complexity
ibm CWE-287
7.5
7.5
2020-06-15 CVE-2020-4406 Improper Restriction of Rendered UI Layers or Frames vulnerability in IBM products
IBM Spectrum Protect Client 8.1.7.0 through 8.1.9.1 (Linux and Windows), 8.1.9.0 trough 8.1.9.1 (AIX) and IBM Spectrum Protect for Space Management 8.1.7.0 through 8.1.9.1 (Linux), 8.1.9.0 through 8.1.9.1 (AIX) web user interfaces could allow a remote attacker to hijack the clicking action of the victim.
network
low complexity
ibm CWE-1021
5.4
5.4
2018-09-26 CVE-2018-1785 Inadequate Encryption Strength vulnerability in IBM products
IBM Tivoli Storage Manager (IBM Spectrum Protect 7.1 and 8.1) uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt sensitive information.
network
low complexity
ibm CWE-326
7.5
7.5
2018-09-26 CVE-2018-1545 Inadequate Encryption Strength vulnerability in IBM products
IBM Tivoli Storage Manager (IBM Spectrum Protect 7.1 and 8.1) uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.
network
low complexity
ibm CWE-326
7.5
7.5