Ibm Spectrum Protect Plus — known CVE vulnerabilities
Every CVE whose affected-product data names Ibm Spectrum Protect Plus, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (44)
CVE-2020-4216 — CVSS 9.8 (critical): IBM Spectrum Protect Plus 10.1.0 through 10.1.5 contains hard-coded credentials, such as a password or cryptographic key, which it uses for…
CVE-2020-4469 — CVSS 9.8 (critical): IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow a remote attacker to execute arbitrary code on the system. By using a specially…
CVE-2020-4854 — CVSS 9.8 (critical): IBM Spectrum Protect Plus 10.1.0 thorugh 10.1.6 contains hard-coded credentials, such as a password or cryptographic key, which it uses for…
CVE-2020-4208 — CVSS 9.8 (critical): IBM Spectrum Protect Plus 10.1.0 through 10.1.5 contains hard-coded credentials, such as a password or cryptographic key, which it uses for…
CVE-2021-39063 — CVSS 9.1 (critical): IBM Spectrum Protect Plus 10.1.0.0 through 10.1.8.x uses Cross-Origin Resource Sharing (CORS) which could allow an attacker to carry out…
CVE-2020-4206 — CVSS 8.8 (high): IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow a remote attacker to execute arbitrary commands on the system in the context of…
CVE-2020-4241 — CVSS 8.8 (high): IBM Spectrum Scale and IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow a remote authenticated attacker to execute arbitrary…
CVE-2020-4242 — CVSS 8.8 (high): IBM Spectrum Scale and IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow a remote authenticated attacker to execute arbitrary…
CVE-2021-39057 — CVSS 8.1 (high): IBM Spectrum Protect Plus 10.1.0.0 through 10.1.8.x is vulnerable to server-side request forgery (SSRF). This may allow an authenticated…
CVE-2020-4703 — CVSS 8.0 (high): IBM Spectrum Protect Plus 10.1.0 through 10.1.6 Administrative Console could allow an authenticated attacker to upload arbitrary files…
CVE-2020-4470 — CVSS 8.0 (high): IBM Spectrum Protect Plus 10.1.0 through 10.1.5 Administrative Console could allow an authenticated attacker to upload arbitrary files…
CVE-2022-22396 — CVSS 7.5 (high): Credentials are printed in clear text in the IBM Spectrum Protect Plus 10.1.0.0 through 10.1.9.3 virgo log file in certain cases…
CVE-2022-22354 — CVSS 7.5 (high): IBM Spectrum Protect Plus 10.1.0.0 through 10.1.9.2 and IBM Spectrum Copy Data Management 2.2.0.0 through 2.2.14.3 do not limit the length…
CVE-2020-5018 — CVSS 7.5 (high): IBM Spectrum Protect Plus 10.1.0 through 10.1.6 may include sensitive information in its URLs increasing the risk of such information being…
CVE-2022-40608 — CVSS 7.5 (high): IBM Spectrum Protect Plus 10.1.6 through 10.1.11 Microsoft File Systems restore operation can download any file on the target machine by…
CVE-2020-4214 — CVSS 7.5 (high): IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow a remote attacker to arbitrary delete a directory caused by improper validation…
CVE-2021-29694 — CVSS 7.5 (high): IBM Spectrum Protect Plus 10.1.0 through 10.1.7 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt…
CVE-2020-5023 — CVSS 7.5 (high): IBM Spectrum Protect Plus 10.1.0 through 10.1.7 could allow a remote user to inject arbitrary data iwhich could cause the serivce to crash…
CVE-2019-4652 — CVSS 7.1 (high): IBM Spectrum Protect Plus 10.1.0 through 10.1.4 uses insecure file permissions on restored files and directories in Windows which could…
CVE-2020-4497 — CVSS 6.8 (medium): IBM Spectrum Protect Plus 10.1.0 through 10.1.12 discloses sensitive information due to unencrypted data being used in the communication…
CVE-2019-4357 — CVSS 6.7 (medium): When using IBM Spectrum Protect Plus 10.1.0, 10.1.2, and 10.1.3 to protect Oracle, DB2 or MongoDB databases, a redirected restore operation…
CVE-2019-4383 — CVSS 6.7 (medium): When using IBM Spectrum Protect Plus 10.1.0, 10.1.2, and 10.1.3 to protect Oracle or MongoDB databases, a redirected restore operation may…
CVE-2020-4477 — CVSS 6.5 (medium): IBM Spectrum Protect Plus 10.1.0 through 10.1.5 discloses highly sensitive information in plain text in the virgo log file which could be…
CVE-2019-4385 — CVSS 6.5 (medium): IBM Spectrum Protect Plus 10.1.2 may display the vSnap CIFS password in the IBM Spectrum Protect Plus Joblog. This can result in an…
CVE-2020-4240 — CVSS 6.5 (medium): IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow a remote attacker to traverse directories on the system. An attacker could send…
CVE-2020-4471 — CVSS 6.5 (medium): IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow an unauthenticated attacker to cause a denial of service or hijack DNS sessions…
CVE-2020-4711 — CVSS 6.5 (medium): IBM Spectrum Protect Plus 10.1.0 through 10.1.6 could allow a remote attacker to traverse directories on the system. An attacker could send…
CVE-2020-5019 — CVSS 6.5 (medium): IBM Spectrum Protect Plus 10.1.0 through 10.1.6 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST…
CVE-2021-20432 — CVSS 6.5 (medium): IBM Spectrum Protect Plus 10.1.0 through 10.1.7 uses Cross-Origin Resource Sharing (CORS) which could allow an attacker to carry out…
CVE-2021-20536 — CVSS 6.2 (medium): IBM Spectrum Protect Plus File Systems Agent 10.1.6 and 10.1.7 stores potentially sensitive information in log files that could be read by…
CVE-2020-5020 — CVSS 6.1 (medium): IBM Spectrum Protect Plus 10.1.0 through 10.1.6 could allow a remote attacker to hijack the clicking action of the victim. By persuading a…
CVE-2020-4783 — CVSS 5.9 (medium): IBM Spectrum Protect Plus 10.1.0 through 10.1.6 could allow a remote attacker to obtain sensitive information, caused by the failure to…
CVE-2020-4565 — CVSS 5.9 (medium): IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow an attacker to obtain sensitive information due to insecure communications…
CVE-2020-4496 — CVSS 5.9 (medium): The IBM Spectrum Protect Plus 10.1.0.0 through 10.1.8.x server connection to an IBM Spectrum Protect Plus workload agent is subject to a…
CVE-2022-40234 — CVSS 5.9 (medium): Versions of IBM Spectrum Protect Plus prior to 10.1.12 (excluding 10.1.12) include the private key information for a certificate inside the…
CVE-2018-1768 — CVSS 5.6 (medium): IBM Spectrum Protect Plus 10.1.0 and 10.1.1 could disclose sensitive information when an authorized user executes a test operation, the…
CVE-2021-3669 — CVSS 5.5 (medium): A flaw was found in the Linux kernel. Measuring usage of the shared memory does not scale with large shared memory segment counts which…
CVE-2021-20490 — CVSS 5.5 (medium): IBM Spectrum Protect Plus 10.1.0 through 10.1.8 could allow a local user to cause a denial of service due to insecure file permission…
CVE-2020-4631 — CVSS 5.5 (medium): IBM Spectrum Protect Plus 10.1.0 through 10.1.6 agent files, in non-default configurations, on Windows are assigned access to everyone with…
CVE-2020-4209 — CVSS 5.4 (medium): IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow a remote attacker to traverse directories on the system. An attacker could send…
CVE-2023-47148 — CVSS 5.3 (medium): IBM Storage Protect Plus Server 10.1.0 through 10.1.15.2 Admin Console could allow a remote attacker to obtain sensitive information due to…
CVE-2019-4703 — CVSS 5.3 (medium): IBM Spectrum Protect Plus 10.1.0 and 10.5.0, when protecting Microsoft SQL or Microsoft Exchange, could allow an attacker with intimate…
CVE-2020-5022 — CVSS 5.3 (medium): IBM Spectrum Protect Plus 10.1.0 through 10.1.6 may allow unauthenticated and unauthorized access to VDAP proxy which can result in an…
CVE-2020-5021 — CVSS 4.4 (medium): IBM Spectrum Protect Plus 10.1.0 through 10.1.6 does not invalidate session after a password reset which could allow a local user to…