cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-38320,https://securityvulnerability.io/vulnerability/CVE-2024-38320,Cryptographic Vulnerability in IBM Storage Protect for Virtual Environments,"IBM Storage Protect for Virtual Environments, including the Data Protection for VMware and the Backup-Archive Client versions 8.1.0.0 through 8.1.23.0, utilizes cryptographic algorithms that are weaker than expected. This vulnerability may allow an unauthorized attacker to decrypt highly sensitive information, posing a significant risk to the confidentiality of the data being protected.",IBM,"Storage Protect For Virtual Environments: Data Protection For Vmware,Storage Protect Backup-archive Client",5.9,MEDIUM,0.0008699999889358878,false,,false,false,false,,false,false,false,,2025-01-27T15:43:06.712Z,0
CVE-2024-38329,https://securityvulnerability.io/vulnerability/CVE-2024-38329,IBM Storage Protect for Virtual Environments: Data Protection for VMware security bypass,"IBM Storage Protect for Virtual Environments, specifically versions 8.1.0.0 through 8.1.22.0, is susceptible to a security vulnerability that may allow remote authenticated attackers to bypass critical security restrictions. This flaw arises from the inadequate validation of user permissions. A malicious actor could exploit this vulnerability through specially crafted requests. Potential consequences include unauthorized modifications of configuration settings, initiating or restoring backups, and the deletion of all historical backups via log rotation. This vulnerability poses significant risks to data integrity and recovery processes.",IBM,Storage Protect For Virtual Environments: Data Protection For Vmware,7.7,HIGH,0.0004600000102072954,false,,false,false,false,,,false,false,,2024-06-19T13:43:41.191Z,0
CVE-2023-50963,https://securityvulnerability.io/vulnerability/CVE-2023-50963,IBM Storage Defender HTTP HOST header injection,"IBM Storage Defender - Data Protect 1.0.0 through 1.4.1 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 276101.",IBM,Storage Defender - Data Protect,5.4,MEDIUM,0.0005799999926239252,false,,false,false,false,,,false,false,,2024-01-19T01:30:49.594Z,0
CVE-2022-22354,https://securityvulnerability.io/vulnerability/CVE-2022-22354,Denial of Service Vulnerability in IBM Spectrum Protect Plus and IBM Spectrum Copy Data Management,"IBM Spectrum Protect Plus and IBM Spectrum Copy Data Management are vulnerable due to insufficient length limitations on incoming connections. This flaw could be exploited to initiate a Slowloris HTTP denial of service attack, leading to a potential unresponsive state for the Admin Console. This poses a risk for operational efficiency and accessibility of critical management interfaces, making it essential for users to ensure their systems are updated to the latest versions to mitigate this vulnerability.",IBM,"Spectrum Copy Data Management,Spectrum Protect Plus",6.2,MEDIUM,0.0021899999119341373,false,,false,false,false,,,false,false,,2022-03-14T17:15:00.000Z,0
CVE-2016-3059,https://securityvulnerability.io/vulnerability/CVE-2016-3059,,IBM Tivoli Storage Manager for Databases: Data Protection for Microsoft SQL Server (aka IBM Spectrum Protect for Databases) 6.3 before 6.3.1.7 and 6.4 before 6.4.1.9 and Tivoli Storage FlashCopy Manager for Microsoft SQL Server (aka IBM Spectrum Protect Snapshot) 3.1 before 3.1.1.7 and 3.2 before 3.2.1.9 allow local users to discover a cleartext SQL Server password by reading the Task List in the MMC GUI.,IBM,"Tivoli Storage Flashcopy Manager For Sql Server,Tivoli Storage Manager For Databases Data Protection For Microsoft Sql Server",6.2,MEDIUM,0.0005200000014156103,false,,false,false,false,,,false,false,,2016-08-08T01:00:00.000Z,0
CVE-2015-7425,https://securityvulnerability.io/vulnerability/CVE-2015-7425,,"The Data Protection component in the VMware vSphere GUI in IBM Tivoli Storage Manager for Virtual Environments: Data Protection for VMware (aka Spectrum Protect for Virtual Environments) 6.3 before 6.3.2.5, 6.4 before 6.4.3.1, and 7.1 before 7.1.4 and Tivoli Storage FlashCopy Manager for VMware (aka Spectrum Protect Snapshot) 3.1 before 3.1.1.3, 3.2 before 3.2.0.6, and 4.1 before 4.1.4 allows remote attackers to obtain administrative privileges via a crafted URL that triggers back-end function execution.",IBM,"Tivoli Storage Flashcopy Manager For Vmware,Tivoli Storage Manager For Virtual Environments Data Protection For Vmware",10,CRITICAL,0.007089999970048666,false,,false,false,false,,,false,false,,2016-02-21T18:00:00.000Z,0
CVE-2015-7404,https://securityvulnerability.io/vulnerability/CVE-2015-7404,,"IBM Tivoli Storage Manager for Databases: Data Protection for Microsoft SQL Server (aka Spectrum Protect for Databases) 5.5 before 5.5.6.2, 6.3 before 6.3.1.6, 6.4 before 6.4.1.8, and 7.1 before 7.1.4; Tivoli Storage Manager for Mail: Data Protection for Microsoft Exchange Server (aka Spectrum Protect for Mail) 5.5 before 5.5.1.1, 6.1 and 6.3 before 6.3.1.6, 6.4 before 6.4.1.8, and 7.1 before 7.1.4; and Tivoli Storage FlashCopy Manager for Windows (aka Spectrum Protect Snapshot) 2.x and 3.1 before 3.1.1.6, 3.2 before 3.2.1.8, and 4.1 before 4.1.4, when application tracing is configured, write cleartext passwords during changetsmpassword command execution, which allows local users to obtain sensitive information by reading the application trace output.",IBM,"Tivoli Storage Manager For Databases Data Protection For Microsoft Sql Server,Tivoli Storage Manager For Mail Data Protection For Microsoft Exchange Server",,,0.0004199999966658652,false,,false,false,false,,,false,false,,2015-11-14T02:00:00.000Z,0
CVE-2015-4950,https://securityvulnerability.io/vulnerability/CVE-2015-4950,,"The mailbox-restore feature in IBM Tivoli Storage Manager for Mail: Data Protection for Microsoft Exchange Server 6.1 before 6.1.3.6, 6.3 before 6.3.1.3, 6.4 before 6.4.1.4, and 7.1 before 7.1.0.2; Tivoli Storage FlashCopy Manager: FlashCopy Manager for Microsoft Exchange Server 2.1, 2.2, 3.1 before 3.1.1.5, 3.2 before 3.2.1.7, and 4.1 before 4.1.1; and Tivoli Storage Manager FastBack for Microsoft Exchange 6.1 before 6.1.5.4 does not ensure that the correct mailbox is selected, which allows remote authenticated users to obtain sensitive information via a duplicate alias name.",IBM,"Tivoli Storage Flashcopy Manager For Microsoft Exchange Server,Tivoli Storage Manager For Mail Data Protection For Microsoft Exchange Server,Tivoli Storage Fastback For Microsoft Exchange",,,0.001180000021122396,false,,false,false,false,,,false,false,,2015-08-23T14:00:00.000Z,0
CVE-2015-6557,https://securityvulnerability.io/vulnerability/CVE-2015-6557,,"IBM Tivoli Storage Manager for Databases: Data Protection for Microsoft SQL Server 5.5 before 5.5.6.1, 6.3 before 6.3.1.5, 6.4 before 6.4.1.7, and 7.1 before 7.1.2; Tivoli Storage Manager for Mail: Data Protection for Microsoft Exchange Server 5.5 before 5.5.1.1, 6.1 before 6.1.3.7, 6.3 before 6.3.1.5, 6.4 before 6.4.1.7, and 7.1 before 7.1.2; and Tivoli Storage FlashCopy Manager 3.1 before 3.1.1.5, 3.2 before 3.2.1.7, and 4.1 before 4.1.2, when application tracing is used, place cleartext passwords in exception messages, which allows physically proximate attackers to obtain sensitive information by reading trace output, a different vulnerability than CVE-2015-4949.",IBM,"Tivoli Storage Manager For Mail Data Protection For Microsoft Exchange Server,Tivoli Storage Manager For Databases Data Protection For Microsoft Sql Server,Tivoli Storage Flashcopy Manager",,,0.0004400000034365803,false,,false,false,false,,,false,false,,2015-08-23T01:00:00.000Z,0
CVE-2015-4949,https://securityvulnerability.io/vulnerability/CVE-2015-4949,,"IBM Tivoli Storage Manager for Databases: Data Protection for Microsoft SQL Server 7.1 before 7.1.2, Tivoli Storage Manager for Mail: Data Protection for Microsoft Exchange Server 7.1 before 7.1.2, and Tivoli Storage FlashCopy Manager 4.1 before 4.1.2 place cleartext passwords in exception messages, which allows physically proximate attackers to obtain sensitive information by reading GUI pop-up windows, a different vulnerability than CVE-2015-6557.",IBM,"Tivoli Storage Manager For Databases Data Protection For Microsoft Sql Server,Tivoli Storage Manager For Mail Data Protection For Microsoft Exchange Server,Tivoli Storage Flashcopy Manager",,,0.0005099999834783375,false,,false,false,false,,,false,false,,2015-08-23T01:00:00.000Z,0
CVE-2013-3976,https://securityvulnerability.io/vulnerability/CVE-2013-3976,,"The (1) Data Protection for Exchange component 6.1 before 6.1.3.4 and 6.3 before 6.3.1 in IBM Tivoli Storage Manager for Mail and the (2) FlashCopy Manager for Exchange component 2.2 and 3.1 before 3.1.1 in IBM Tivoli Storage FlashCopy Manager do not properly constrain mailbox contents during certain PST restore operations, which allows remote authenticated users to read the personal e-mail of other users in opportunistic circumstances by launching an e-mail client after an administrator performs a multiple-mailbox restore.",IBM,"Flashcopy Manager,Tivoli Storage Manager For Mail,Data Protection,Tivoli Storage Flashcopy Manager",,,0.0011500000255182385,false,,false,false,false,,,false,false,,2014-03-26T10:00:00.000Z,0
CVE-2009-1334,https://securityvulnerability.io/vulnerability/CVE-2009-1334,,Cross-site scripting (XSS) vulnerability in login/FilepathLogin.html in IBM Tivoli Continuous Data Protection (CDP) for Files 3.1.4.0 allows remote attackers to inject arbitrary web script or HTML via the reason parameter.,IBM,Tivoli Continuous Data Protection For Files,,,0.004490000195801258,false,,false,false,false,,,false,false,,2009-04-17T14:00:00.000Z,0
CVE-2007-5819,https://securityvulnerability.io/vulnerability/CVE-2007-5819,,"IBM Tivoli Continuous Data Protection for Files (CDP) 3.1.0 uses weak permissions (unrestricted write) for the Central Admin Global download directory, which allows local users to place arbitrary files into a location used for updating CDP clients.",IBM,Tivoli Continuous Data Protection For Files,,,0.0004199999966658652,false,,false,false,false,,,false,false,,2007-11-05T18:00:00.000Z,0