cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2023-28956,https://securityvulnerability.io/vulnerability/CVE-2023-28956,IBM Spectrum Protect Backup-Archive Client privilege escalation,A local privilege escalation vulnerability exists in the IBM Spectrum Protect Backup-Archive Client versions 8.1.0.0 through 8.1.17.2. This issue stems from improper access controls that could potentially be exploited by a local user to escalate their privileges within the system. Organizations using affected versions are advised to apply necessary patches and updates to mitigate this risk.,IBM,Spectrum Protect Backup-archive Client,8.4,HIGH,0.0004199999966658652,false,,false,false,false,,,false,false,,2023-06-22T02:15:00.000Z,0
CVE-2023-27863,https://securityvulnerability.io/vulnerability/CVE-2023-27863,IBM Spectrum Protect Plus Server information disclosure,"IBM Spectrum Protect Plus Server 10.1.13, under specific configurations, could allow an elevated user to obtain SMB credentials that may be used to access vSnap data stores.  IBM X-Force ID:  249325.",IBM,Spectrum Protect Plus Server,4.4,MEDIUM,0.0006200000061653554,false,,false,false,false,,,false,false,,2023-05-12T19:15:00.000Z,0
CVE-2020-4497,https://securityvulnerability.io/vulnerability/CVE-2020-4497,IBM Spectrum Protect Plus information disclosure,"
IBM Spectrum Protect Plus 10.1.0 through 10.1.12 discloses sensitive information due to unencrypted data being used in the communication flow between Spectrum Protect Plus vSnap and its agents. An attacker could obtain information using main in the middle techniques. IBM X-Force ID: 182106.

",IBM,Spectrum Protect Plus,6.8,MEDIUM,0.001019999966956675,false,,false,false,false,,,false,false,,2022-12-14T21:50:35.313Z,0
CVE-2022-40608,https://securityvulnerability.io/vulnerability/CVE-2022-40608,Directory Traversal Vulnerability in IBM Spectrum Protect Plus Software,"In IBM Spectrum Protect Plus versions 10.1.6 to 10.1.11, a directory traversal vulnerability allows attackers to manipulate the URL during Microsoft File Systems restore operations. This flaw can lead to unauthorized access to sensitive files on the target machine, posing a significant risk to data security and integrity. Operators may inadvertently restore files that should remain protected, making it crucial for users to apply security patches and monitor their systems for potential exploits.",IBM,Spectrum Protect Plus,5.9,MEDIUM,0.0013699999544769526,false,,false,false,false,,,false,false,,2022-09-19T18:15:00.000Z,0
CVE-2022-40234,https://securityvulnerability.io/vulnerability/CVE-2022-40234,Insecure TLS Certificate Management in IBM Spectrum Protect Plus,"Versions of IBM Spectrum Protect Plus before 10.1.12 inadvertently include private key details within generated .crt files during TLS certificate uploads. If such a .crt file is distributed, it allows unauthorized access to the associated private key, creating a significant security risk. This vulnerability can facilitate attacks that compromise secure communications.",IBM,Spectrum Protect Plus,5.9,MEDIUM,0.0008500000112690032,false,,false,false,false,,,false,false,,2022-09-17T00:00:00.000Z,0
CVE-2022-22496,https://securityvulnerability.io/vulnerability/CVE-2022-22496,Offline Dictionary Attack Vulnerability in IBM Spectrum Protect Server,"IBM Spectrum Protect Server versions 8.1.0.000 through 8.1.14 are vulnerable when configured with SESSIONSECURITY=TRANSITIONAL. This setup can expose user accounts to offline dictionary attacks, where an attacker could potentially guess passwords by systematically testing a list of credentials without immediate feedback. It is crucial for impacted users to update configuration settings or upgrade to the latest version to mitigate this risk.",IBM,Spectrum Protect Server,5.3,MEDIUM,0.0005099999834783375,false,,false,false,false,,,false,false,,2022-06-30T17:15:00.000Z,0
CVE-2022-22487,https://securityvulnerability.io/vulnerability/CVE-2022-22487,Brute Force Authentication Vulnerability in IBM Spectrum Protect Storage Agent,"The IBM Spectrum Protect storage agent is susceptible to a brute force authentication vulnerability that permits remote attackers to attempt unlimited login attempts without locking the administrative account. This flaw could allow unauthorized individuals to exploit the agent and subsequently gain access to the IBM Spectrum Protect Server it interfaces with, enabling potential unauthorized actions and access to sensitive data.",IBM,Spectrum Protect Server,5.9,MEDIUM,0.002469999948516488,false,,false,false,false,,,false,false,,2022-06-30T17:15:00.000Z,0
CVE-2022-22472,https://securityvulnerability.io/vulnerability/CVE-2022-22472,Access Control Vulnerability in IBM Spectrum Protect Plus Software,"The IBM Spectrum Protect Plus software, specifically in versions 10.1.5 through 10.1.10.2 for Kubernetes and 10.1.7 through 10.1.10.2 for Red Hat OpenShift, contains a flaw that allows a remote attacker to circumvent role-based access controls. This is accomplished through the improper disclosure of session information, which could be exploited by analyzing container logs. Such exploitation could enable unauthorized access to the system, leveraging the permissions of existing IBM Spectrum Protect Plus users against the vulnerable server instance.",IBM,Spectrum Protect Plus,6,MEDIUM,0.001879999996162951,false,,false,false,false,,,false,false,,2022-06-30T17:15:00.000Z,0
CVE-2022-22478,https://securityvulnerability.io/vulnerability/CVE-2022-22478,Credential Storage Vulnerability in IBM Spectrum Protect Client,"The IBM Spectrum Protect Client versions 8.1.0.0 through 8.1.14.0 are affected by a vulnerability where user credentials are stored in plain text, allowing a local user to access sensitive authentication information. This exposes users to potential unauthorized access and exploitation of their data. It highlights critical security implications regarding credential management in software design, necessitating immediate action to mitigate risks.",IBM,Spectrum Protect Client,6.2,MEDIUM,0.0004199999966658652,false,,false,false,false,,,false,false,,2022-06-30T17:15:00.000Z,0
CVE-2022-22494,https://securityvulnerability.io/vulnerability/CVE-2022-22494,Remote Information Disclosure in IBM Spectrum Protect Operations Center,"IBM Spectrum Protect Operations Center versions 8.1.0.000 through 8.1.14 are susceptible to a remote information disclosure vulnerability. An attacker can exploit this flaw by sending a specially-crafted HTTP request, potentially gaining sensitive details about the database, including its type and version. This information may facilitate further attacks against the system. Ensure your environment is protected by applying recommended security measures.",IBM,Spectrum Protect Operations Center,3.7,LOW,0.0008099999977275729,false,,false,false,false,,,false,false,,2022-06-30T17:15:00.000Z,0
CVE-2022-22474,https://securityvulnerability.io/vulnerability/CVE-2022-22474,Denial of Service in IBM Spectrum Protect Client Operations,"A vulnerability exists in IBM Spectrum Protect affecting versions 8.1.0.0 through 8.1.14.0 where the dsmcad, dsmc, and dsmcsvc processes mishandle certain read operations on TCP/IP sockets. This flaw can lead to a condition that disrupts client operations, potentially causing service interruptions and impacting the availability of the affected systems.",IBM,Spectrum Protect Client,5.9,MEDIUM,0.0008699999889358878,false,,false,false,false,,,false,false,,2022-06-30T17:15:00.000Z,0
CVE-2022-22485,https://securityvulnerability.io/vulnerability/CVE-2022-22485,Brute Force Login Bypass in IBM Spectrum Protect Operations Center,"A vulnerability in IBM Spectrum Protect Operations Center allows an attacker to exploit a failure in the login mechanism. When attempts to log in are unsuccessful, the invalid sign-on count does not increment on the IBM Spectrum Protect Server. This loophole can be exploited using brute-force techniques, enabling unauthorized administrative access, posing significant risks to the security and integrity of the server.",IBM,Spectrum Protect Server,5.9,MEDIUM,0.001449999981559813,false,,false,false,false,,,false,false,,2022-06-17T16:15:00.000Z,0
CVE-2022-22396,https://securityvulnerability.io/vulnerability/CVE-2022-22396,Cleartext Credential Exposure in IBM Spectrum Protect Plus Log File,"The vulnerability reveals sensitive credentials, such as remote vSnap and offload target information, in clear text within the log files of IBM Spectrum Protect Plus, specifically versions 10.1.0.0 to 10.1.9.3. This exposure occurs under certain conditions and can potentially allow unauthorized access to critical system resources. While credentials using API keys or certificates remain protected, the risk associated with cleartext credentials poses a significant threat to the security of the system, necessitating immediate attention and remediation by affected users.",IBM,Spectrum Protect Plus,6.8,MEDIUM,0.0008699999889358878,false,,false,false,false,,,false,false,,2022-06-06T19:15:00.000Z,0
CVE-2022-22484,https://securityvulnerability.io/vulnerability/CVE-2022-22484,Local Information Disclosure in IBM Spectrum Protect Operations Center,"IBM Spectrum Protect Operations Center versions 8.1.12 and 8.1.13 are susceptible to a vulnerability that may expose plain text user account passwords within the browser's application command history. This can enable a local attacker to retrieve stored passwords by accessing the browser history, resulting in unauthorized access to other user accounts. Organizations using these versions should take immediate action to mitigate this risk and secure their user credentials.",IBM,Spectrum Protect Operations Center,5.1,MEDIUM,0.0004199999966658652,false,,false,false,false,,,false,false,,2022-05-17T16:15:00.000Z,0
CVE-2022-22394,https://securityvulnerability.io/vulnerability/CVE-2022-22394,Remote Access Control Bypass Vulnerability in IBM Spectrum Protect,"The IBM Spectrum Protect server version 8.1.14.000 is susceptible to a vulnerability that allows remote attackers to bypass established security restrictions. This security flaw arises from inadequately enforced access controls, enabling a malicious user to log in and exploit the oversight. Consequently, the attacker may gain unauthorized administrative or node access to the compromised server, posing significant risks to data integrity and system confidentiality.",IBM,Spectrum Protect Server,7.5,HIGH,0.0018100000452250242,false,,false,false,false,,,false,false,,2022-03-21T17:15:00.000Z,0
CVE-2022-22354,https://securityvulnerability.io/vulnerability/CVE-2022-22354,Denial of Service Vulnerability in IBM Spectrum Protect Plus and IBM Spectrum Copy Data Management,"IBM Spectrum Protect Plus and IBM Spectrum Copy Data Management are vulnerable due to insufficient length limitations on incoming connections. This flaw could be exploited to initiate a Slowloris HTTP denial of service attack, leading to a potential unresponsive state for the Admin Console. This poses a risk for operational efficiency and accessibility of critical management interfaces, making it essential for users to ensure their systems are updated to the latest versions to mitigate this vulnerability.",IBM,"Spectrum Copy Data Management,Spectrum Protect Plus",6.2,MEDIUM,0.0021899999119341373,false,,false,false,false,,,false,false,,2022-03-14T17:15:00.000Z,0
CVE-2022-22348,https://securityvulnerability.io/vulnerability/CVE-2022-22348,Reverse Tabnabbing Vulnerability in IBM Spectrum Protect Operations Center,"IBM Spectrum Protect Operations Center versions 8.1.0.000 through 8.1.13.xxx contain a vulnerability that facilitates reverse tabnabbing. This issue allows an attacker to exploit a malicious link entered by an administrator, leading to the overwriting of the original page with a fraudulent phishing page. As a result, unsuspecting users who click the link could be manipulated into revealing sensitive information. The potential risks underscore the importance of safeguarding against improper validation of external links.",IBM,Spectrum Protect Operations Center,4,MEDIUM,0.0004600000102072954,false,,false,false,false,,,false,false,,2022-03-14T17:15:00.000Z,0
CVE-2022-22346,https://securityvulnerability.io/vulnerability/CVE-2022-22346,Cross-Site Request Forgery Vulnerability in IBM Spectrum Protect Operations Center,"IBM Spectrum Protect Operations Center versions 8.1.0.000 through 8.1.13.xxx are susceptible to cross-site request forgery (CSRF). This vulnerability allows attackers to carry out unauthorized actions on behalf of unsuspecting users who are authenticated on the system. An exploit could enable a malicious actor to run arbitrary commands or access sensitive data, putting user environments at significant risk. Users are recommended to apply security patches and enhance their operational security protocols to mitigate potential threats.",IBM,Spectrum Protect Operations Center,4.3,MEDIUM,0.000750000006519258,false,,false,false,false,,,false,false,,2022-03-14T17:15:00.000Z,0
CVE-2020-4496,https://securityvulnerability.io/vulnerability/CVE-2020-4496,Man-in-the-middle Vulnerability in IBM Spectrum Protect Plus Server,"A vulnerability exists in the IBM Spectrum Protect Plus server versions 10.1.0.0 through 10.1.8.x, allowing for a man-in-the-middle attack due to improper certificate validation when connecting to an associated workload agent. This flaw can expose sensitive data and compromise system integrity if exploited. Users are advised to review their security practices and ensure that appropriate certificate validation methods are in place to mitigate potential risks.",IBM,Spectrum Protect Plus,6.8,MEDIUM,0.0007699999841861427,false,,false,false,false,,,false,false,,2021-12-13T19:15:00.000Z,0
CVE-2021-39057,https://securityvulnerability.io/vulnerability/CVE-2021-39057,Server-Side Request Forgery in IBM Spectrum Protect Plus,"IBM Spectrum Protect Plus versions 10.1.0.0 to 10.1.8.x are susceptible to a server-side request forgery vulnerability. This allows an authenticated attacker to craft unauthorized requests originating from the server itself. The exploitation of this vulnerability could lead to unauthorized access, network enumeration, and other malicious activities, thereby compromising the security of the affected environment.",IBM,Spectrum Protect Plus,4.2,MEDIUM,0.0005600000149570405,false,,false,false,false,,,false,false,,2021-12-13T19:15:00.000Z,0
CVE-2021-39063,https://securityvulnerability.io/vulnerability/CVE-2021-39063,Cross-Origin Resource Sharing Misconfiguration in IBM Spectrum Protect Plus,IBM Spectrum Protect Plus versions 10.1.0.0 through 10.1.8.x display a vulnerability related to Cross-Origin Resource Sharing (CORS). This misconfiguration can enable an attacker to perform privileged actions and gain unauthorized access to sensitive information by manipulating access control headers. Proper assessment and mitigation strategies are necessary to secure affected systems.,IBM,Spectrum Protect Plus,6.5,MEDIUM,0.0010100000072270632,false,,false,false,false,,,false,false,,2021-12-13T19:15:00.000Z,0
CVE-2021-39048,https://securityvulnerability.io/vulnerability/CVE-2021-39048,Stack-based Buffer Overflow in IBM Spectrum Protect Client Products,"IBM Spectrum Protect Client versions 7.1 and 8.1 are susceptible to a stack-based buffer overflow due to inadequate bounds checking. An attacker with local access may exploit this vulnerability, potentially leading to service disruption. Attackers may manipulate the input to execute unauthorized actions, resulting in a denial of service. For more information on mitigation and updates, visit the official IBM support page.",IBM,Spectrum Protect,6.2,MEDIUM,0.0004199999966658652,false,,false,false,false,,,false,false,,2021-12-13T19:15:00.000Z,0
CVE-2021-38901,https://securityvulnerability.io/vulnerability/CVE-2021-38901,Information Disclosure Vulnerability in IBM Spectrum Protect Operations Center,"IBM Spectrum Protect Operations Center 7.1, when configured in specific ways, may enable a local user to access highly sensitive information that should be protected, resulting in potential unauthorized exposure of confidential data. Administrators are urged to review their configurations and apply recommended security practices to mitigate the risk associated with this vulnerability.",IBM,Spectrum Protect Operations Center,5.1,MEDIUM,0.0004199999966658652,false,,false,false,false,,,false,false,,2021-12-13T19:15:00.000Z,0
CVE-2021-20490,https://securityvulnerability.io/vulnerability/CVE-2021-20490,,IBM Spectrum Protect Plus 10.1.0 through 10.1.8 could allow a local user to cause a denial of service due to insecure file permission settings. IBM X-Force ID: 197791.,IBM,Spectrum Protect Plus,4,MEDIUM,0.0004199999966658652,false,,false,false,false,,,false,false,,2021-06-29T16:15:00.000Z,0
CVE-2021-20546,https://securityvulnerability.io/vulnerability/CVE-2021-20546,,"IBM Spectrum Protect Client 8.1.0.0 through 8.1.11.0 is vulnerable to a stack-based buffer overflow, caused by improper bounds checking. A local attacker could overflow a buffer and cause the application to crash. IBM X-Force ID: 198934",IBM,Spectrum Protect For Space Management,6.2,MEDIUM,0.0004199999966658652,false,,false,false,false,,,false,false,,2021-04-26T17:15:00.000Z,0