Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
ibm spectrum protect plus vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2022-40608
IBM Spectrum Protect Plus 10.1.6 up to and including 10.1.11 Microsoft File Systems restore operation can download any file on the target machine by manipulating the URL with a directory traversal attack. This results in the restore operation gaining access to files which the ope...
Ibm Spectrum Protect Plus
6.5
CVSSv3
CVE-2020-4711
IBM Spectrum Protect Plus 10.1.0 up to and including 10.1.6 could allow a remote malicious user to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM...
Ibm Spectrum Protect Plus
9.8
CVSSv3
CVE-2020-4854
IBM Spectrum Protect Plus 10.1.0 thorugh 10.1.6 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 190454.
Ibm Spectrum Protect Plus
7.5
CVSSv3
CVE-2020-5018
IBM Spectrum Protect Plus 10.1.0 up to and including 10.1.6 may include sensitive information in its URLs increasing the risk of such information being caputured by an attacker. IBM X-Force ID: 193654.
Ibm Spectrum Protect Plus
6.5
CVSSv3
CVE-2020-5019
IBM Spectrum Protect Plus 10.1.0 up to and including 10.1.6 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. By sending a specially crafted HTTP request, a remote attacker could exploit this vulnerability to inject HTTP HOST head...
Ibm Spectrum Protect Plus
4.4
CVSSv3
CVE-2020-5021
IBM Spectrum Protect Plus 10.1.0 up to and including 10.1.6 does not invalidate session after a password reset which could allow a local user to impersonate another user on the system. IBM X-Force ID: 193657.
Ibm Spectrum Protect Plus
5.3
CVSSv3
CVE-2020-5022
IBM Spectrum Protect Plus 10.1.0 up to and including 10.1.6 may allow unauthenticated and unauthorized access to VDAP proxy which can result in an attacker obtaining information they are not authorized to access. IBM X-Force ID: 193658.
Ibm Spectrum Protect Plus
7.5
CVSSv3
CVE-2020-5023
IBM Spectrum Protect Plus 10.1.0 up to and including 10.1.7 could allow a remote user to inject arbitrary data iwhich could cause the serivce to crash due to excess resource consumption. IBM X-Force ID: 193659.
Ibm Spectrum Protect Plus
7.5
CVSSv3
CVE-2023-47148
IBM Storage Protect Plus Server 10.1.0 up to and including 10.1.15.2 Admin Console could allow a remote malicious user to obtain sensitive information due to improper validation of unsecured endpoints which could be used in further attacks against the system. IBM X-Force ID: 2705...
Ibm Spectrum Protect Plus
5.9
CVSSv3
CVE-2022-40234
Versions of IBM Spectrum Protect Plus before 10.1.12 (excluding 10.1.12) include the private key information for a certificate inside the generated .crt file when uploading a TLS certificate to IBM Spectrum Protect Plus. If this generated .crt file is shared, an attacker can obta...
Ibm Spectrum Protect Plus
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
TCP
CVE-2024-4577
CVE-2024-2695
CVE-2024-31870
injection
CVE-2024-3813
arbitrary code
CVE-2024-27801
CVE-2024-30120
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »