U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): IBM Spectrum Protect
  • Search Type: Search All
There are 115 matching records.
Displaying matches 81 through 100.
Vuln ID Summary CVSS Severity
CVE-2019-4140

IBM Tivoli Storage Manager Server (IBM Spectrum Protect 7.1 and 8.1) could allow a local user to replace existing databases by restoring old data. IBM X-Force ID: 158336.

Published: July 02, 2019; 11:15:11 AM -0400
V4.0:(not available)
V3.1: 7.1 HIGH
V2.0: 3.6 LOW
CVE-2019-4129

IBM Spectrum Protect Operations Center 7.1 and 8.1 could allow a remote attacker to obtain sensitive information, caused by an error message containing a stack trace. By creating an error with a stack trace, an attacker could exploit this vulnerability to potentially obtain details on the Operations Center architecture. IBM X-Force ID: 158279.

Published: July 02, 2019; 11:15:11 AM -0400
V4.0:(not available)
V3.1: 5.3 MEDIUM
V2.0: 5.0 MEDIUM
CVE-2019-4088

IBM Spectrum Protect Servers 7.1 and 8.1 and Storage Agents could allow a local attacker to gain elevated privileges on the system, caused by loading a specially crafted library loaded by the dsmqsan module. By setting up such a library, a local attacker could exploit this vulnerability to gain root privileges on the vulnerable system. IBM X-Force ID: 157511.

Published: July 02, 2019; 11:15:11 AM -0400
V4.0:(not available)
V3.1: 7.8 HIGH
V2.0: 7.2 HIGH
CVE-2019-4087

IBM Spectrum Protect Servers 7.1 and 8.1 and Storage Agents are vulnerable to a stack-based buffer overflow, caused by improper bounds checking by servers and storage agents in response to specifically crafted communication exchanges. By sending an overly long request, a remote attacker could overflow a buffer and execute arbitrary code on the system with instance id privileges or cause the server or storage agent to crash. IBM X-Force ID: 157510.

Published: July 02, 2019; 11:15:11 AM -0400
V4.0:(not available)
V3.1: 9.8 CRITICAL
V2.0: 10.0 HIGH
CVE-2019-4383

When using IBM Spectrum Protect Plus 10.1.0, 10.1.2, and 10.1.3 to protect Oracle or MongoDB databases, a redirected restore operation may result in an escalation of user privileges. IBM X-Force ID: 162165.

Published: July 01, 2019; 11:15:13 AM -0400
V4.0:(not available)
V3.1: 6.7 MEDIUM
V2.0: 4.6 MEDIUM
CVE-2019-4357

When using IBM Spectrum Protect Plus 10.1.0, 10.1.2, and 10.1.3 to protect Oracle, DB2 or MongoDB databases, a redirected restore operation specifying a target path may allow execution of arbitrary code on the system. IBM X-Force ID: 161667,

Published: July 01, 2019; 11:15:13 AM -0400
V4.0:(not available)
V3.1: 6.7 MEDIUM
V2.0: 7.2 HIGH
CVE-2019-4385

IBM Spectrum Protect Plus 10.1.2 may display the vSnap CIFS password in the IBM Spectrum Protect Plus Joblog. This can result in an attacker gaining access to sensitive information as well as vSnap. IBM X-Force ID: 162173.

Published: June 19, 2019; 10:15:11 AM -0400
V4.0:(not available)
V3.1: 6.5 MEDIUM
V2.0: 2.1 LOW
CVE-2018-1882

In a certain atypical IBM Spectrum Protect 7.1 and 8.1 configurations, the node password could be displayed in plain text in the IBM Spectrum Protect client trace file. IBM X-Force ID: 151968.

Published: April 08, 2019; 11:29:00 AM -0400
V4.0:(not available)
V3.1: 4.7 MEDIUM
V2.0: 1.9 LOW
CVE-2018-1853

IBM Tivoli Storage Manager (IBM Spectrum Protect 7.1 and 8.1) could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 151014.

Published: April 08, 2019; 11:29:00 AM -0400
V4.0:(not available)
V3.1: 6.1 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2018-1787

IBM Spectrum Protect 7.1 and 8.1 is affected by a password exposure vulnerability caused by insecure file permissions. IBM X-Force ID: 148872.

Published: April 08, 2019; 11:29:00 AM -0400
V4.0:(not available)
V3.0: 5.5 MEDIUM
V2.0: 2.1 LOW
CVE-2019-4093

IBM Tivoli Storage Manager (IBM Spectrum Protect 8.1.7) could allow a user to restore files and directories using IBM Spectrum Prootect Client Web User Interface on Windows that they should not have access to due to incorrect file permissions. IBM X-Force ID: 157981.

Published: April 02, 2019; 10:29:01 AM -0400
V4.0:(not available)
V3.1: 4.4 MEDIUM
V2.0: 3.6 LOW
CVE-2018-1786

IBM Spectrum Protect 7.1 and 8.1 dsmc and dsmcad processes incorrectly accumulate TCP/IP sockets in a CLOSE_WAIT state. This can cause TCP/IP resource leakage and may result in a denial of service. IBM X-Force ID: 148871.

Published: November 12, 2018; 11:29:00 AM -0500
V4.0:(not available)
V3.0: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2018-1788

IBM Spectrum Protect Server 7.1 and 8.1 could disclose highly sensitive information via trace logs to a local privileged user. IBM X-Force ID: 148873.

Published: November 02, 2018; 11:29:00 AM -0400
V4.0:(not available)
V3.0: 4.4 MEDIUM
V2.0: 2.1 LOW
CVE-2018-1785

IBM Tivoli Storage Manager (IBM Spectrum Protect 7.1 and 8.1) uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt sensitive information. IBM X-Force ID: 148870.

Published: September 26, 2018; 11:29:01 AM -0400
V4.0:(not available)
V3.1: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2018-1768

IBM Spectrum Protect Plus 10.1.0 and 10.1.1 could disclose sensitive information when an authorized user executes a test operation, the user id an password may be displayed in plain text within an instrumentation log file. IBM X-Force ID: 148622.

Published: September 26, 2018; 11:29:00 AM -0400
V4.0:(not available)
V3.0: 7.8 HIGH
V2.0: 2.1 LOW
CVE-2018-1550

IBM Spectrum Protect 7.1 and 8.1 could allow a local user to corrupt or delete highly sensitive information that would cause a denial of service to other users. IBM X-Force ID: 142696.

Published: September 26, 2018; 11:29:00 AM -0400
V4.0:(not available)
V3.0: 5.5 MEDIUM
V2.0: 2.1 LOW
CVE-2018-1545

IBM Tivoli Storage Manager (IBM Spectrum Protect 7.1 and 8.1) uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 142649.

Published: September 26, 2018; 11:29:00 AM -0400
V4.0:(not available)
V3.1: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2018-1447

The GSKit (IBM Spectrum Protect 7.1 and 7.2) and (IBM Spectrum Protect Snapshot 4.1.3, 4.1.4, and 4.1.6) CMS KDB logic fails to salt the hash function resulting in weaker than expected protection of passwords. A weak password may be recovered. Note: After update the customer should change password to ensure the new password is stored more securely. Products should encourage customers to take this step as a high priority action. IBM X-Force ID: 139972.

Published: April 04, 2018; 2:29:02 PM -0400
V4.0:(not available)
V3.0: 8.1 HIGH
V2.0: 5.0 MEDIUM
CVE-2017-1378

IBM Spectrum Protect 7.1 and 8.1 (formerly Tivoli Storage Manager) disclosed unencrypted login credentials to Vmware vCenter in the application trace output which could be obtained by a local user. IBM X-Force ID: 126875.

Published: October 05, 2017; 1:29:00 PM -0400
V4.0:(not available)
V3.0: 7.8 HIGH
V2.0: 2.1 LOW
CVE-2017-1339

IBM Spectrum Protect 7.1 and 8.1 (formerly Tivoli Storage Manager) Server uses weak encryption for the password. A database administrator may be able to decrypt the IBM Spectrum protect client or administrator password which can result in information disclosure or a denial of service. IBM X-Force ID: 126247.

Published: October 05, 2017; 1:29:00 PM -0400
V4.0:(not available)
V3.0: 4.4 MEDIUM
V2.0: 2.1 LOW