Vulnerabilities > IBM > Spectrum Protect Plus

DATE CVE VULNERABILITY TITLE RISK
2024-02-02 CVE-2023-47148 Unspecified vulnerability in IBM Spectrum Protect Plus
IBM Storage Protect Plus Server 10.1.0 through 10.1.15.2 Admin Console could allow a remote attacker to obtain sensitive information due to improper validation of unsecured endpoints which could be used in further attacks against the system.
network
low complexity
ibm
7.5
2022-12-14 CVE-2020-4497 Cleartext Transmission of Sensitive Information vulnerability in IBM Spectrum Protect Plus
IBM Spectrum Protect Plus 10.1.0 through 10.1.12 discloses sensitive information due to unencrypted data being used in the communication flow between Spectrum Protect Plus vSnap and its agents.
network
high complexity
ibm CWE-319
5.9
2022-09-19 CVE-2022-40234 Exposure of Resource to Wrong Sphere vulnerability in IBM Spectrum Protect Plus
Versions of IBM Spectrum Protect Plus prior to 10.1.12 (excluding 10.1.12) include the private key information for a certificate inside the generated .crt file when uploading a TLS certificate to IBM Spectrum Protect Plus.
network
high complexity
ibm CWE-668
5.9
2022-09-19 CVE-2022-40608 Path Traversal vulnerability in IBM Spectrum Protect Plus
IBM Spectrum Protect Plus 10.1.6 through 10.1.11 Microsoft File Systems restore operation can download any file on the target machine by manipulating the URL with a directory traversal attack.
network
low complexity
ibm CWE-22
7.5
2022-08-26 CVE-2021-3669 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
A flaw was found in the Linux kernel.
local
low complexity
linux ibm debian fedoraproject redhat CWE-770
5.5
2022-06-06 CVE-2022-22396 Insufficiently Protected Credentials vulnerability in IBM Spectrum Protect Plus
Credentials are printed in clear text in the IBM Spectrum Protect Plus 10.1.0.0 through 10.1.9.3 virgo log file in certain cases.
network
low complexity
ibm CWE-522
7.5
2022-03-14 CVE-2022-22354 Unspecified vulnerability in IBM products
IBM Spectrum Protect Plus 10.1.0.0 through 10.1.9.2 and IBM Spectrum Copy Data Management 2.2.0.0 through 2.2.14.3 do not limit the length of a connection which could allow for a Slowloris HTTP denial of service attack to take place.
network
low complexity
ibm
7.5
2021-12-13 CVE-2020-4496 Improper Certificate Validation vulnerability in IBM Spectrum Protect Plus
The IBM Spectrum Protect Plus 10.1.0.0 through 10.1.8.x server connection to an IBM Spectrum Protect Plus workload agent is subject to a man-in-the-middle attack due to improper certificate validation.
network
high complexity
ibm CWE-295
5.9
2021-12-13 CVE-2021-39057 Server-Side Request Forgery (SSRF) vulnerability in IBM Spectrum Protect Plus
IBM Spectrum Protect Plus 10.1.0.0 through 10.1.8.x is vulnerable to server-side request forgery (SSRF).
network
low complexity
ibm CWE-918
8.1
2021-12-13 CVE-2021-39063 Origin Validation Error vulnerability in IBM Spectrum Protect Plus
IBM Spectrum Protect Plus 10.1.0.0 through 10.1.8.x uses Cross-Origin Resource Sharing (CORS) which could allow an attacker to carry out privileged actions and retrieve sensitive information due to a misconfiguration in access control headers.
network
low complexity
ibm CWE-346
critical
9.1