Vulnerabilities > IBM > Spectrum Protect Plus
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-06-15 | CVE-2020-4216 | Use of Hard-coded Credentials vulnerability in IBM Spectrum Protect Plus IBM Spectrum Protect Plus 10.1.0 through 10.1.5 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. | 9.8 |
| 2020-05-04 | CVE-2020-4209 | Path Traversal vulnerability in IBM Spectrum Protect Plus IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow a remote attacker to traverse directories on the system. | 5.4 |
| 2020-03-31 | CVE-2020-4242 | OS Command Injection vulnerability in IBM Spectrum Protect Plus and Spectrum Scale IBM Spectrum Scale and IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow a remote authenticated attacker to execute arbitrary commands on the system. | 8.8 |
| 2020-03-31 | CVE-2020-4241 | OS Command Injection vulnerability in IBM Spectrum Protect Plus and Spectrum Scale IBM Spectrum Scale and IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow a remote authenticated attacker to execute arbitrary commands on the system. | 8.8 |
| 2020-03-31 | CVE-2020-4240 | Path Traversal vulnerability in IBM Spectrum Protect Plus IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow a remote attacker to traverse directories on the system. | 6.5 |
| 2020-03-31 | CVE-2020-4214 | Improper Input Validation vulnerability in IBM Spectrum Protect Plus IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow a remote attacker to arbitrary delete a directory caused by improper validation of user-supplied input. | 7.5 |
| 2020-03-31 | CVE-2020-4208 | Use of Hard-coded Credentials vulnerability in IBM Spectrum Protect Plus IBM Spectrum Protect Plus 10.1.0 through 10.1.5 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. | 9.8 |
| 2020-03-31 | CVE-2020-4206 | OS Command Injection vulnerability in IBM Spectrum Protect Plus IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow a remote attacker to execute arbitrary commands on the system in the context of root user, caused by improper validation of user-supplied input. | 8.8 |
| 2020-02-24 | CVE-2019-4703 | Unspecified vulnerability in IBM Spectrum Protect Plus IBM Spectrum Protect Plus 10.1.0 and 10.5.0, when protecting Microsoft SQL or Microsoft Exchange, could allow an attacker with intimate knowledge of the system to obtain highly sensitive information. high complexity ibm | 5.3 |
| 2019-11-12 | CVE-2019-4652 | Incorrect Default Permissions vulnerability in IBM Spectrum Protect Plus IBM Spectrum Protect Plus 10.1.0 through 10.1.4 uses insecure file permissions on restored files and directories in Windows which could allow a local user to obtain sensitive information or perform unauthorized actions. | 7.1 |