Vulnerabilities > IBM > Spectrum Protect Plus > High

DATE CVE VULNERABILITY TITLE RISK
2024-02-02 CVE-2023-47148 Unspecified vulnerability in IBM Spectrum Protect Plus
IBM Storage Protect Plus Server 10.1.0 through 10.1.15.2 Admin Console could allow a remote attacker to obtain sensitive information due to improper validation of unsecured endpoints which could be used in further attacks against the system.
network
low complexity
ibm
7.5
2022-09-19 CVE-2022-40608 Path Traversal vulnerability in IBM Spectrum Protect Plus
IBM Spectrum Protect Plus 10.1.6 through 10.1.11 Microsoft File Systems restore operation can download any file on the target machine by manipulating the URL with a directory traversal attack.
network
low complexity
ibm CWE-22
7.5
2022-06-06 CVE-2022-22396 Insufficiently Protected Credentials vulnerability in IBM Spectrum Protect Plus
Credentials are printed in clear text in the IBM Spectrum Protect Plus 10.1.0.0 through 10.1.9.3 virgo log file in certain cases.
network
low complexity
ibm CWE-522
7.5
2022-03-14 CVE-2022-22354 Unspecified vulnerability in IBM products
IBM Spectrum Protect Plus 10.1.0.0 through 10.1.9.2 and IBM Spectrum Copy Data Management 2.2.0.0 through 2.2.14.3 do not limit the length of a connection which could allow for a Slowloris HTTP denial of service attack to take place.
network
low complexity
ibm
7.5
2021-12-13 CVE-2021-39057 Server-Side Request Forgery (SSRF) vulnerability in IBM Spectrum Protect Plus
IBM Spectrum Protect Plus 10.1.0.0 through 10.1.8.x is vulnerable to server-side request forgery (SSRF).
network
low complexity
ibm CWE-918
8.1
2021-04-26 CVE-2021-29694 Use of a Broken or Risky Cryptographic Algorithm vulnerability in IBM Spectrum Protect Plus
IBM Spectrum Protect Plus 10.1.0 through 10.1.7 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.
network
low complexity
ibm CWE-327
7.5
2021-02-10 CVE-2020-5023 Resource Exhaustion vulnerability in IBM Spectrum Protect Plus
IBM Spectrum Protect Plus 10.1.0 through 10.1.7 could allow a remote user to inject arbitrary data iwhich could cause the serivce to crash due to excess resource consumption.
network
low complexity
ibm CWE-400
7.5
2021-01-08 CVE-2020-5018 Cleartext Storage of Sensitive Information vulnerability in IBM Spectrum Protect Plus
IBM Spectrum Protect Plus 10.1.0 through 10.1.6 may include sensitive information in its URLs increasing the risk of such information being caputured by an attacker.
network
low complexity
ibm CWE-312
7.5
2020-09-15 CVE-2020-4703 Unrestricted Upload of File with Dangerous Type vulnerability in IBM Spectrum Protect Plus
IBM Spectrum Protect Plus 10.1.0 through 10.1.6 Administrative Console could allow an authenticated attacker to upload arbitrary files which could be execute arbitrary code on the vulnerable server.
network
low complexity
ibm CWE-434
8.0
2020-06-15 CVE-2020-4470 Unrestricted Upload of File with Dangerous Type vulnerability in IBM Spectrum Protect Plus
IBM Spectrum Protect Plus 10.1.0 through 10.1.5 Administrative Console could allow an authenticated attacker to upload arbitrary files which could be execute arbitrary code on the vulnerable server.
network
low complexity
ibm CWE-434
8.0