Vulnerabilities > IBM > Spectrum Protect Plus
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-06-29 | CVE-2021-20490 | Incorrect Default Permissions vulnerability in IBM Spectrum Protect Plus IBM Spectrum Protect Plus 10.1.0 through 10.1.8 could allow a local user to cause a denial of service due to insecure file permission settings. | 5.5 |
| 2021-04-26 | CVE-2021-20536 | Information Exposure Through Log Files vulnerability in IBM Spectrum Protect Plus 10.1.6/10.1.7 IBM Spectrum Protect Plus File Systems Agent 10.1.6 and 10.1.7 stores potentially sensitive information in log files that could be read by a local user. | 6.2 |
| 2021-04-26 | CVE-2021-20432 | Unspecified vulnerability in IBM Spectrum Protect Plus IBM Spectrum Protect Plus 10.1.0 through 10.1.7 uses Cross-Origin Resource Sharing (CORS) which could allow an attacker to carry out privileged actions and retrieve sensitive information as the domain name is not being limited to only trusted domains. | 6.5 |
| 2021-04-26 | CVE-2021-29694 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in IBM Spectrum Protect Plus IBM Spectrum Protect Plus 10.1.0 through 10.1.7 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | 7.5 |
| 2021-02-10 | CVE-2020-5023 | Resource Exhaustion vulnerability in IBM Spectrum Protect Plus IBM Spectrum Protect Plus 10.1.0 through 10.1.7 could allow a remote user to inject arbitrary data iwhich could cause the serivce to crash due to excess resource consumption. | 7.5 |
| 2021-01-08 | CVE-2020-5022 | Missing Authorization vulnerability in IBM Spectrum Protect Plus IBM Spectrum Protect Plus 10.1.0 through 10.1.6 may allow unauthenticated and unauthorized access to VDAP proxy which can result in an attacker obtaining information they are not authorized to access. | 5.3 |
| 2021-01-08 | CVE-2020-5021 | Session Fixation vulnerability in IBM Spectrum Protect Plus IBM Spectrum Protect Plus 10.1.0 through 10.1.6 does not invalidate session after a password reset which could allow a local user to impersonate another user on the system. | 4.4 |
| 2021-01-08 | CVE-2020-5020 | Improper Restriction of Rendered UI Layers or Frames vulnerability in IBM Spectrum Protect Plus IBM Spectrum Protect Plus 10.1.0 through 10.1.6 could allow a remote attacker to hijack the clicking action of the victim. | 6.1 |
| 2021-01-08 | CVE-2020-5019 | Injection vulnerability in IBM Spectrum Protect Plus IBM Spectrum Protect Plus 10.1.0 through 10.1.6 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. | 6.5 |
| 2021-01-08 | CVE-2020-5018 | Cleartext Storage of Sensitive Information vulnerability in IBM Spectrum Protect Plus IBM Spectrum Protect Plus 10.1.0 through 10.1.6 may include sensitive information in its URLs increasing the risk of such information being caputured by an attacker. | 7.5 |