Vulnerabilities > IBM > Spectrum Protect Plus > 10.1.6
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-11-23 | CVE-2020-4854 | Use of Hard-coded Credentials vulnerability in IBM Spectrum Protect Plus IBM Spectrum Protect Plus 10.1.0 thorugh 10.1.6 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. | 9.8 |
| 2020-11-23 | CVE-2020-4783 | Missing Authorization vulnerability in IBM Spectrum Protect Plus IBM Spectrum Protect Plus 10.1.0 through 10.1.6 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. | 5.9 |
| 2020-09-15 | CVE-2020-4711 | Path Traversal vulnerability in IBM Spectrum Protect Plus IBM Spectrum Protect Plus 10.1.0 through 10.1.6 could allow a remote attacker to traverse directories on the system. | 6.5 |
| 2020-09-15 | CVE-2020-4703 | Unrestricted Upload of File with Dangerous Type vulnerability in IBM Spectrum Protect Plus IBM Spectrum Protect Plus 10.1.0 through 10.1.6 Administrative Console could allow an authenticated attacker to upload arbitrary files which could be execute arbitrary code on the vulnerable server. | 8.0 |
| 2020-08-04 | CVE-2020-4631 | Incorrect Permission Assignment for Critical Resource vulnerability in IBM Spectrum Protect Plus IBM Spectrum Protect Plus 10.1.0 through 10.1.6 agent files, in non-default configurations, on Windows are assigned access to everyone with full control permissions, which could allow a local user to cause interruption of the service operations. | 5.5 |