cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2023-38730,https://securityvulnerability.io/vulnerability/CVE-2023-38730,IBM Spectrum Copy Data Management information disclosure,IBM Storage Copy Data Management 2.2.0.0 through 2.2.19.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 262268.,IBM,Spectrum Copy Data Management,5.9,MEDIUM,0.001069999998435378,false,,false,false,false,,,false,false,,2023-08-27T23:15:00.000Z,0
CVE-2022-30610,https://securityvulnerability.io/vulnerability/CVE-2022-30610,Reverse Tabnabbing Vulnerability in IBM Spectrum Copy Data Management,"IBM Spectrum Copy Data Management versions 2.2.0.0 through 2.2.15.0 are susceptible to a reverse tabnabbing vulnerability, which can be exploited via malicious URLs entered by an administrator. This allows an attacker to potentially rewrite the original page with a phishing page when another administrator clicks the malicious link. Proper security measures should be taken to avoid such exploitation.",IBM,Spectrum Copy Data Management,4.4,MEDIUM,0.0005200000014156103,false,,false,false,false,,,false,false,,2022-06-10T16:15:00.000Z,0
CVE-2022-30611,https://securityvulnerability.io/vulnerability/CVE-2022-30611,Cross-Site Scripting in IBM Spectrum Copy Data Management,"IBM Spectrum Copy Data Management versions 2.2.0.0 through 2.2.15.0 are susceptible to cross-site scripting due to inadequate validation of user-generated input. This vulnerability allows remote attackers to inject malicious scripts via specific fields in the portal UI, potentially leading to the execution of harmful scripts in the context of the victim's browser. Successful exploitation could enable attackers to capture cookie-based authentication credentials from unsuspecting users, posing significant security risks.",IBM,Spectrum Copy Data Management,5.4,MEDIUM,0.0006099999882280827,false,,false,false,false,,,false,false,,2022-06-10T16:15:00.000Z,0
CVE-2022-31769,https://securityvulnerability.io/vulnerability/CVE-2022-31769,Remote Information Disclosure in IBM Spectrum Copy Data Management,"A vulnerability exists in IBM Spectrum Copy Data Management versions 2.2.0.0 to 2.2.15.0 that permits a remote attacker to disclose sensitive product configuration information stored in PostgreSQL databases. This exposure may facilitate additional attacks against the system, presenting a security risk for affected environments. To mitigate this risk, users should consider updating to a patched version and reviewing their security settings.",IBM,Spectrum Copy Data Management,5.3,MEDIUM,0.0010000000474974513,false,,false,false,false,,,false,false,,2022-06-10T16:15:00.000Z,0
CVE-2022-22426,https://securityvulnerability.io/vulnerability/CVE-2022-22426,Authentication Bypass in IBM Spectrum Copy Data Management,"IBM Spectrum Copy Data Management versions 2.2.0.0 through 2.2.15.0 are susceptible to an authentication bypass vulnerability due to improper session management. Local attackers could exploit this flaw to circumvent authentication mechanisms, gaining unauthorized access to the Spectrum Copy Data Management catalog, which contains sensitive metadata. This vulnerability raises significant security concerns, as it may allow malicious actors to manipulate or exfiltrate critical data without proper authentication. Prompt assessment and remediation of this issue are crucial for safeguarding data integrity.",IBM,Spectrum Copy Data Management,2.9,LOW,0.0004199999966658652,false,,false,false,false,,,false,false,,2022-06-10T16:15:00.000Z,0
CVE-2022-22479,https://securityvulnerability.io/vulnerability/CVE-2022-22479,Cross-Site Request Forgery in IBM Spectrum Copy Data Management,"IBM Spectrum Copy Data Management versions 2.2.0.0 through 2.2.15.0 have a vulnerability that allows for cross-site request forgery (CSRF). This security flaw enables an attacker to carry out unauthorized actions on behalf of trusted users, potentially compromising sensitive data and system integrity. Users and administrators must be aware of this vulnerability to ensure their environments are secure and take appropriate measures to mitigate risks.",IBM,Spectrum Copy Data Management,5,MEDIUM,0.000750000006519258,false,,false,false,false,,,false,false,,2022-06-10T16:15:00.000Z,0
CVE-2022-22354,https://securityvulnerability.io/vulnerability/CVE-2022-22354,Denial of Service Vulnerability in IBM Spectrum Protect Plus and IBM Spectrum Copy Data Management,"IBM Spectrum Protect Plus and IBM Spectrum Copy Data Management are vulnerable due to insufficient length limitations on incoming connections. This flaw could be exploited to initiate a Slowloris HTTP denial of service attack, leading to a potential unresponsive state for the Admin Console. This poses a risk for operational efficiency and accessibility of critical management interfaces, making it essential for users to ensure their systems are updated to the latest versions to mitigate this vulnerability.",IBM,"Spectrum Copy Data Management,Spectrum Protect Plus",6.2,MEDIUM,0.0021899999119341373,false,,false,false,false,,,false,false,,2022-03-14T17:15:00.000Z,0
CVE-2021-39055,https://securityvulnerability.io/vulnerability/CVE-2021-39055,Cross-Site Scripting Vulnerability in IBM Spectrum Copy Data Management,"IBM Spectrum Copy Data Management versions 2.2.0.0 to 2.2.14.3 are affected by a cross-site scripting vulnerability, allowing unauthorized users to inject arbitrary JavaScript into the Web UI. This alteration can compromise intended functionalities and may lead to the disclosure of sensitive user credentials during established sessions. Users are encouraged to review their configurations and apply necessary updates to mitigate this issue. For more information, visit the IBM support page.",IBM,Spectrum Copy Data Management,5.4,MEDIUM,0.0005000000237487257,false,,false,false,false,,,false,false,,2022-03-14T17:15:00.000Z,0
CVE-2021-39051,https://securityvulnerability.io/vulnerability/CVE-2021-39051,Server-Side Request Forgery in IBM Spectrum Copy Data Management,"IBM Spectrum Copy Data Management versions 2.2.0.0 to 2.2.14.3 have a vulnerability that arises from improper input handling in the application server registration feature. This allows a remote attacker to exploit the application by using the host address and port fields in the portal UI. Through this exploit, the attacker can enumerate and potentially compromise services running on the specified hosts, creating significant security risks.",IBM,Spectrum Copy Data Management,4.8,MEDIUM,0.0010000000474974513,false,,false,false,false,,,false,false,,2022-03-14T17:15:00.000Z,0
CVE-2022-22344,https://securityvulnerability.io/vulnerability/CVE-2022-22344,HTTP Header Injection Vulnerability in IBM Spectrum Copy Data Management,"IBM Spectrum Copy Data Management versions 2.2.0.0 through 2.2.14.3 are susceptible to an HTTP header injection vulnerability. This security flaw arises from the inadequate validation of input provided in the HOST headers. Attackers may exploit this weakness to launch a range of attacks such as cross-site scripting, cache poisoning, or session hijacking, compromising the integrity and confidentiality of the affected systems. Organizations using the vulnerable versions should implement timely updates or security measures to mitigate the risks associated with this vulnerability.",IBM,Spectrum Copy Data Management,4.8,MEDIUM,0.000699999975040555,false,,false,false,false,,,false,false,,2022-03-14T17:15:00.000Z,0
CVE-2021-39054,https://securityvulnerability.io/vulnerability/CVE-2021-39054,Clickjacking Vulnerability in IBM Spectrum Copy Data Management,"IBM Spectrum Copy Data Management versions 2.2.13 and earlier are susceptible to a clickjacking vulnerability that allows a remote attacker to manipulate a victim's click actions. Through social engineering techniques that lure the victim to a malicious website, the attacker can effectively hijack the web interface, leading to unauthorized actions that may compromise the victim's security. This vulnerability emphasizes the importance of web security and user awareness in preventing exploitation.",IBM,Spectrum Copy Data Management,5.4,MEDIUM,0.0006500000017695129,false,,false,false,false,,,false,false,,2021-12-13T18:15:00.000Z,0
CVE-2021-39058,https://securityvulnerability.io/vulnerability/CVE-2021-39058,Insecure Cryptographic Methods in IBM Spectrum Copy Data Management,"IBM Spectrum Copy Data Management versions prior to 2.2.13 employ cryptographic algorithms that are weaker than industry standards. This vulnerability could potentially enable attackers to decrypt sensitive data, posing a significant risk to data integrity and confidentiality. Users are urged to upgrade to improve data security and mitigate exposure to this flaw.",IBM,Spectrum Copy Data Management,5.9,MEDIUM,0.0010100000072270632,false,,false,false,false,,,false,false,,2021-12-13T18:15:00.000Z,0
CVE-2021-39065,https://securityvulnerability.io/vulnerability/CVE-2021-39065,Remote Code Execution Vulnerability in IBM Spectrum Copy Data Management,"IBM Spectrum Copy Data Management versions 2.2.13 and earlier are susceptible to a security flaw that enables remote attackers to execute arbitrary commands on affected systems. This vulnerability arises from inadequate validation of user-provided input within the Admin Console. By exploiting this weakness via the login and upload certificate functions, a malicious actor may inject shell commands that are executed by the system, compromising its integrity. Proper mitigation strategies should be employed to protect systems from potential exploitation.",IBM,Spectrum Copy Data Management,8.1,HIGH,0.0021200000774115324,false,,false,false,false,,,false,false,,2021-12-13T18:15:00.000Z,0
CVE-2021-39064,https://securityvulnerability.io/vulnerability/CVE-2021-39064,Weak Authentication and Default Credential Management in IBM Spectrum Copy Data Management,"IBM Spectrum Copy Data Management versions 2.2.13 and earlier are susceptible to vulnerabilities due to weak authentication mechanisms and inadequate handling of default credentials for the Admin console. This flaw could potentially allow unauthorized access, leading to further exploitation of the system. Proper security measures are essential to mitigate the risks associated with this vulnerability, particularly regarding password strength and authentication practices. Organizations utilizing these affected versions should assess their security configurations and implement stronger credential management procedures.",IBM,Spectrum Copy Data Management,5.9,MEDIUM,0.001069999998435378,false,,false,false,false,,,false,false,,2021-12-13T18:15:00.000Z,0
CVE-2021-38947,https://securityvulnerability.io/vulnerability/CVE-2021-38947,Weak Cryptographic Algorithm in IBM Spectrum Copy Data Management Affects Sensitive Data Security,"IBM Spectrum Copy Data Management versions 2.2.13 and earlier are impacted by a vulnerability due to the utilization of cryptographic algorithms that do not meet expected strength standards. This weakness could potentially allow attackers to access and decrypt sensitive data, posing a significant risk to data security. Organizations using affected versions should review their implementations and consider applying security patches to mitigate potential threats.",IBM,Spectrum Copy Data Management,5.9,MEDIUM,0.0010100000072270632,false,,false,false,false,,,false,false,,2021-12-13T18:15:00.000Z,0
CVE-2021-39052,https://securityvulnerability.io/vulnerability/CVE-2021-39052,Remote Access Vulnerability in IBM Spectrum Copy Data Management,IBM Spectrum Copy Data Management versions 2.2.13 and earlier are vulnerable to unauthorized remote access through the Spring Boot console. Attackers may exploit this weakness to gain control over sensitive information and operational capabilities within the affected system. This vulnerability highlights the critical need for proper access controls to protect against potential threats.,IBM,Spectrum Copy Data Management,5.6,MEDIUM,0.003329999977722764,false,,false,false,false,,,false,false,,2021-12-13T18:15:00.000Z,0
CVE-2021-39053,https://securityvulnerability.io/vulnerability/CVE-2021-39053,Information Disclosure in IBM Spectrum Copy Data Management,"IBM Spectrum Copy Data Management versions 2.2.13 and earlier are susceptible to a vulnerability that allows remote attackers to gain unauthorized access to sensitive information. This issue arises from the inadequate management of requests directed at the Spectrum Copy Data Management Admin Console. By crafting and sending a specially designed request, an attacker could exploit this weakness to retrieve confidential data, potentially compromising system integrity and user privacy.",IBM,Spectrum Copy Data Management,5.9,MEDIUM,0.002139999996870756,false,,false,false,false,,,false,false,,2021-12-13T18:15:00.000Z,0