Vulnerabilities > IBM > Spectrum Protect FOR Space Management

DATE CVE VULNERABILITY TITLE RISK
2023-07-19 CVE-2023-33832 Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in IBM products
IBM Spectrum Protect 8.1.0.0 through 8.1.17.0 could allow a local user to cause a denial of service due to due to improper time-of-check to time-of-use functionality.
local
high complexity
ibm CWE-367
4.7
4.7
2021-12-13 CVE-2021-39048 Out-of-bounds Write vulnerability in IBM products
IBM Spectrum Protect Client 7.1 and 8.1 is vulnerable to a stack based buffer overflow, caused by improper bounds checking.
local
low complexity
ibm CWE-787
5.5
5.5
2021-04-26 CVE-2021-20546 Out-of-bounds Write vulnerability in IBM products
IBM Spectrum Protect Client 8.1.0.0 through 8.1.11.0 is vulnerable to a stack-based buffer overflow, caused by improper bounds checking.
local
low complexity
ibm CWE-787
5.5
5.5
2021-04-26 CVE-2021-29672 Out-of-bounds Write vulnerability in IBM products
IBM Spectrum Protect Client 8.1.0.0-8 through 1.11.0 is vulnerable to a stack-based buffer overflow, caused by improper bounds checking when processing the current locale settings.
local
low complexity
ibm CWE-787
7.8
7.8
2020-06-15 CVE-2020-4494 Improper Authentication vulnerability in IBM products
IBM Spectrum Protect Client 8.1.7.0 through 8.1.9.1 (Linux and Windows), 8.1.9.0 trough 8.1.9.1 (AIX) and IBM Spectrum Protect for Space Management 8.1.7.0 through 8.1.9.1 (Linux), 8.1.9.0 through 8.1.9.1 (AIX) web user interfaces could allow an attacker to bypass authentication due to improper session validation which can result in access to unauthorized resources.
network
low complexity
ibm CWE-287
7.5
7.5
2020-06-15 CVE-2020-4406 Improper Restriction of Rendered UI Layers or Frames vulnerability in IBM products
IBM Spectrum Protect Client 8.1.7.0 through 8.1.9.1 (Linux and Windows), 8.1.9.0 trough 8.1.9.1 (AIX) and IBM Spectrum Protect for Space Management 8.1.7.0 through 8.1.9.1 (Linux), 8.1.9.0 through 8.1.9.1 (AIX) web user interfaces could allow a remote attacker to hijack the clicking action of the victim.
network
low complexity
ibm CWE-1021
5.4
5.4
2018-04-04 CVE-2018-1447 Use of Password Hash With Insufficient Computational Effort vulnerability in IBM products
The GSKit (IBM Spectrum Protect 7.1 and 7.2) and (IBM Spectrum Protect Snapshot 4.1.3, 4.1.4, and 4.1.6) CMS KDB logic fails to salt the hash function resulting in weaker than expected protection of passwords.
network
high complexity
ibm CWE-916
8.1
8.1