Vulnerabilities > IBM > Spectrum Protect
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-02-24 | CVE-2020-4211 | OS Command Injection vulnerability in IBM Spectrum Protect 10.1.0/10.1.5 IBM Spectrum Protect Plus 10.1.0 and 10.1.5 could allow a remote attacker to execute arbitrary code on the system. | 9.8 |
| 2020-02-24 | CVE-2020-4210 | OS Command Injection vulnerability in IBM Spectrum Protect 10.1.0/10.1.5 IBM Spectrum Protect Plus 10.1.0 and 10.1.5 could allow a remote attacker to execute arbitrary code on the system. | 9.8 |
| 2019-11-25 | CVE-2018-2025 | Incorrect Default Permissions vulnerability in IBM products IBM Spectrum Protect Backup-Archive Client and IBM Spectrum Protect for Virtual Environments 7.1 and 8.1 creates directories/files in the CIT sub directory that are read/writable by everyone. | 4.4 |
| 2019-07-22 | CVE-2019-4267 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in IBM Spectrum Protect The IBM Spectrum Protect 7.1 and 8.1 Backup-Archive Client is vulnerable to a buffer overflow. | 7.8 |
| 2019-07-22 | CVE-2019-4236 | Data Processing Errors vulnerability in IBM Spectrum Protect A IBM Spectrum Protect 7.l client backup or archive operation running for an HP-UX VxFS object is silently skipping Access Control List (ACL) entries from backup or archive if there are more than twelve ACL entries associated with the object in total. | 4.4 |
| 2019-07-02 | CVE-2019-4140 | Information Exposure vulnerability in IBM Spectrum Protect IBM Tivoli Storage Manager Server (IBM Spectrum Protect 7.1 and 8.1) could allow a local user to replace existing databases by restoring old data. | 7.1 |
| 2019-04-02 | CVE-2019-4093 | Incorrect Permission Assignment for Critical Resource vulnerability in IBM Spectrum Protect 8.1.7 IBM Tivoli Storage Manager (IBM Spectrum Protect 8.1.7) could allow a user to restore files and directories using IBM Spectrum Prootect Client Web User Interface on Windows that they should not have access to due to incorrect file permissions. | 4.4 |
| 2018-11-12 | CVE-2018-1786 | Resource Exhaustion vulnerability in IBM products IBM Spectrum Protect 7.1 and 8.1 dsmc and dsmcad processes incorrectly accumulate TCP/IP sockets in a CLOSE_WAIT state. | 7.5 |