Vulnerabilities > IBM > Spectrum Protect Plus

DATE CVE VULNERABILITY TITLE RISK
2019-07-01 CVE-2019-4383 Unspecified vulnerability in IBM Spectrum Protect Plus 10.1.1/10.1.2/10.1.3
When using IBM Spectrum Protect Plus 10.1.0, 10.1.2, and 10.1.3 to protect Oracle or MongoDB databases, a redirected restore operation may result in an escalation of user privileges.
local
low complexity
ibm
6.7
6.7
2019-07-01 CVE-2019-4357 Unspecified vulnerability in IBM Spectrum Protect Plus 10.1.1/10.1.2/10.1.3
When using IBM Spectrum Protect Plus 10.1.0, 10.1.2, and 10.1.3 to protect Oracle, DB2 or MongoDB databases, a redirected restore operation specifying a target path may allow execution of arbitrary code on the system.
local
low complexity
ibm
6.7
6.7
2019-06-19 CVE-2019-4385 Insufficiently Protected Credentials vulnerability in IBM Spectrum Protect Plus
IBM Spectrum Protect Plus 10.1.2 may display the vSnap CIFS password in the IBM Spectrum Protect Plus Joblog.
local
low complexity
ibm CWE-522
6.5
6.5
2018-09-26 CVE-2018-1768 Information Exposure Through Log Files vulnerability in IBM Spectrum Protect Plus 10.1.0/10.1.1
IBM Spectrum Protect Plus 10.1.0 and 10.1.1 could disclose sensitive information when an authorized user executes a test operation, the user id an password may be displayed in plain text within an instrumentation log file.
local
low complexity
ibm CWE-532
7.8
7.8