U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): cpe:2.3:a:ibm:spectrum_protect_plus:10.1.4.145:*:*:*:*:*:*:*
There are 37 matching records.
Displaying matches 1 through 20.
Vuln ID Summary CVSS Severity
CVE-2023-47148

IBM Storage Protect Plus Server 10.1.0 through 10.1.15.2 Admin Console could allow a remote attacker to obtain sensitive information due to improper validation of unsecured endpoints which could be used in further attacks against the system. IBM X-Force ID: 270599.

Published: February 02, 2024; 8:15:08 AM -0500
V3.1: 7.5 HIGH
V2.0:(not available)
CVE-2020-4497

IBM Spectrum Protect Plus 10.1.0 through 10.1.12 discloses sensitive information due to unencrypted data being used in the communication flow between Spectrum Protect Plus vSnap and its agents. An attacker could obtain information using main in the middle techniques. IBM X-Force ID: 182106.

Published: December 14, 2022; 5:15:10 PM -0500
V3.1: 5.9 MEDIUM
V2.0:(not available)
CVE-2022-40234

Versions of IBM Spectrum Protect Plus prior to 10.1.12 (excluding 10.1.12) include the private key information for a certificate inside the generated .crt file when uploading a TLS certificate to IBM Spectrum Protect Plus. If this generated .crt file is shared, an attacker can obtain the private key information for the uploaded certificate. IBM X-Force ID: 235718.

Published: September 19, 2022; 2:15:10 PM -0400
V3.1: 5.9 MEDIUM
V2.0:(not available)
CVE-2021-3669

A flaw was found in the Linux kernel. Measuring usage of the shared memory does not scale with large shared memory segment counts which could lead to resource exhaustion and DoS.

Published: August 26, 2022; 12:15:09 PM -0400
V3.1: 5.5 MEDIUM
V2.0:(not available)
CVE-2022-22396

Credentials are printed in clear text in the IBM Spectrum Protect Plus 10.1.0.0 through 10.1.9.3 virgo log file in certain cases. Credentials could be the remote vSnap, offload targets, or VADP credentials depending on the operation performed. Credentials that are using API key or certificate are not printed. IBM X-Force ID: 222231.

Published: June 06, 2022; 3:15:09 PM -0400
V3.1: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2022-22354

IBM Spectrum Protect Plus 10.1.0.0 through 10.1.9.2 and IBM Spectrum Copy Data Management 2.2.0.0 through 2.2.14.3 do not limit the length of a connection which could allow for a Slowloris HTTP denial of service attack to take place. This can cause the Admin Console to become unresponsive. IBM X-Force ID: 220485.

Published: March 14, 2022; 1:15:08 PM -0400
V3.1: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2021-39063

IBM Spectrum Protect Plus 10.1.0.0 through 10.1.8.x uses Cross-Origin Resource Sharing (CORS) which could allow an attacker to carry out privileged actions and retrieve sensitive information due to a misconfiguration in access control headers. IBM X-Force ID: 214956.

Published: December 13, 2021; 2:15:08 PM -0500
V3.1: 9.1 CRITICAL
V2.0: 6.4 MEDIUM
CVE-2021-39057

IBM Spectrum Protect Plus 10.1.0.0 through 10.1.8.x is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 214616.

Published: December 13, 2021; 2:15:08 PM -0500
V3.1: 8.1 HIGH
V2.0: 5.5 MEDIUM
CVE-2020-4496

The IBM Spectrum Protect Plus 10.1.0.0 through 10.1.8.x server connection to an IBM Spectrum Protect Plus workload agent is subject to a man-in-the-middle attack due to improper certificate validation. IBM X-Force ID: 182046.

Published: December 13, 2021; 2:15:07 PM -0500
V3.1: 5.9 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2021-20490

IBM Spectrum Protect Plus 10.1.0 through 10.1.8 could allow a local user to cause a denial of service due to insecure file permission settings. IBM X-Force ID: 197791.

Published: June 29, 2021; 12:15:08 PM -0400
V3.1: 5.5 MEDIUM
V2.0: 2.1 LOW
CVE-2021-29694

IBM Spectrum Protect Plus 10.1.0 through 10.1.7 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 200258.

Published: April 26, 2021; 1:15:08 PM -0400
V3.1: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2021-20432

IBM Spectrum Protect Plus 10.1.0 through 10.1.7 uses Cross-Origin Resource Sharing (CORS) which could allow an attacker to carry out privileged actions and retrieve sensitive information as the domain name is not being limited to only trusted domains. IBM X-Force ID: 196344.

Published: April 26, 2021; 1:15:07 PM -0400
V3.1: 6.5 MEDIUM
V2.0: 6.4 MEDIUM
CVE-2020-5023

IBM Spectrum Protect Plus 10.1.0 through 10.1.7 could allow a remote user to inject arbitrary data iwhich could cause the serivce to crash due to excess resource consumption. IBM X-Force ID: 193659.

Published: February 10, 2021; 12:15:16 PM -0500
V3.1: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2020-5022

IBM Spectrum Protect Plus 10.1.0 through 10.1.6 may allow unauthenticated and unauthorized access to VDAP proxy which can result in an attacker obtaining information they are not authorized to access. IBM X-Force ID: 193658.

Published: January 08, 2021; 2:15:14 PM -0500
V3.1: 5.3 MEDIUM
V2.0: 5.0 MEDIUM
CVE-2020-5021

IBM Spectrum Protect Plus 10.1.0 through 10.1.6 does not invalidate session after a password reset which could allow a local user to impersonate another user on the system. IBM X-Force ID: 193657.

Published: January 08, 2021; 2:15:14 PM -0500
V3.1: 4.4 MEDIUM
V2.0: 3.6 LOW
CVE-2020-5020

IBM Spectrum Protect Plus 10.1.0 through 10.1.6 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 193656.

Published: January 08, 2021; 2:15:14 PM -0500
V3.1: 6.1 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2020-5019

IBM Spectrum Protect Plus 10.1.0 through 10.1.6 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. By sending a specially crafted HTTP request, a remote attacker could exploit this vulnerability to inject HTTP HOST header, which will allow the attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 193655.

Published: January 08, 2021; 2:15:14 PM -0500
V3.1: 6.5 MEDIUM
V2.0: 6.4 MEDIUM
CVE-2020-5018

IBM Spectrum Protect Plus 10.1.0 through 10.1.6 may include sensitive information in its URLs increasing the risk of such information being caputured by an attacker. IBM X-Force ID: 193654.

Published: January 08, 2021; 2:15:14 PM -0500
V3.1: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2020-4854

IBM Spectrum Protect Plus 10.1.0 thorugh 10.1.6 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 190454.

Published: November 23, 2020; 12:15:12 PM -0500
V3.1: 9.8 CRITICAL
V2.0: 7.5 HIGH
CVE-2020-4783

IBM Spectrum Protect Plus 10.1.0 through 10.1.6 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 189214.

Published: November 23, 2020; 12:15:12 PM -0500
V3.1: 5.9 MEDIUM
V2.0: 4.3 MEDIUM