cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2022-22494,https://securityvulnerability.io/vulnerability/CVE-2022-22494,Remote Information Disclosure in IBM Spectrum Protect Operations Center,"IBM Spectrum Protect Operations Center versions 8.1.0.000 through 8.1.14 are susceptible to a remote information disclosure vulnerability. An attacker can exploit this flaw by sending a specially-crafted HTTP request, potentially gaining sensitive details about the database, including its type and version. This information may facilitate further attacks against the system. Ensure your environment is protected by applying recommended security measures.",IBM,Spectrum Protect Operations Center,3.7,LOW,0.0008099999977275729,false,,false,false,false,,,false,false,,2022-06-30T17:15:00.000Z,0
CVE-2022-22484,https://securityvulnerability.io/vulnerability/CVE-2022-22484,Local Information Disclosure in IBM Spectrum Protect Operations Center,"IBM Spectrum Protect Operations Center versions 8.1.12 and 8.1.13 are susceptible to a vulnerability that may expose plain text user account passwords within the browser's application command history. This can enable a local attacker to retrieve stored passwords by accessing the browser history, resulting in unauthorized access to other user accounts. Organizations using these versions should take immediate action to mitigate this risk and secure their user credentials.",IBM,Spectrum Protect Operations Center,5.1,MEDIUM,0.0004199999966658652,false,,false,false,false,,,false,false,,2022-05-17T16:15:00.000Z,0
CVE-2022-22348,https://securityvulnerability.io/vulnerability/CVE-2022-22348,Reverse Tabnabbing Vulnerability in IBM Spectrum Protect Operations Center,"IBM Spectrum Protect Operations Center versions 8.1.0.000 through 8.1.13.xxx contain a vulnerability that facilitates reverse tabnabbing. This issue allows an attacker to exploit a malicious link entered by an administrator, leading to the overwriting of the original page with a fraudulent phishing page. As a result, unsuspecting users who click the link could be manipulated into revealing sensitive information. The potential risks underscore the importance of safeguarding against improper validation of external links.",IBM,Spectrum Protect Operations Center,4,MEDIUM,0.0004600000102072954,false,,false,false,false,,,false,false,,2022-03-14T17:15:00.000Z,0
CVE-2022-22346,https://securityvulnerability.io/vulnerability/CVE-2022-22346,Cross-Site Request Forgery Vulnerability in IBM Spectrum Protect Operations Center,"IBM Spectrum Protect Operations Center versions 8.1.0.000 through 8.1.13.xxx are susceptible to cross-site request forgery (CSRF). This vulnerability allows attackers to carry out unauthorized actions on behalf of unsuspecting users who are authenticated on the system. An exploit could enable a malicious actor to run arbitrary commands or access sensitive data, putting user environments at significant risk. Users are recommended to apply security patches and enhance their operational security protocols to mitigate potential threats.",IBM,Spectrum Protect Operations Center,4.3,MEDIUM,0.000750000006519258,false,,false,false,false,,,false,false,,2022-03-14T17:15:00.000Z,0
CVE-2021-38901,https://securityvulnerability.io/vulnerability/CVE-2021-38901,Information Disclosure Vulnerability in IBM Spectrum Protect Operations Center,"IBM Spectrum Protect Operations Center 7.1, when configured in specific ways, may enable a local user to access highly sensitive information that should be protected, resulting in potential unauthorized exposure of confidential data. Administrators are urged to review their configurations and apply recommended security practices to mitigate the risk associated with this vulnerability.",IBM,Spectrum Protect Operations Center,5.1,MEDIUM,0.0004199999966658652,false,,false,false,false,,,false,false,,2021-12-13T19:15:00.000Z,0
CVE-2020-4955,https://securityvulnerability.io/vulnerability/CVE-2020-4955,,"IBM Spectrum Protect Operations Center 7.1 and 8.1 could allow a remote attacker to execute arbitrary code on the system, caused by improper parameter validation. By creating an unspecified servlet request with specially crafted input parameters, an attacker could exploit this vulnerability to load a malicious .dll with elevated privileges. IBM X-Force ID: 192155.",IBM,Spectrum Protect Operations Center,8,HIGH,0.0031300000846385956,false,,false,false,false,,,false,false,,2021-02-15T15:15:00.000Z,0
CVE-2020-4954,https://securityvulnerability.io/vulnerability/CVE-2020-4954,,"IBM Spectrum Protect Operations Center 7.1 and 8.1 could allow a remote attacker to bypass authentication restrictions, caused by improper session validation. By using the configuration panel to obtain a valid session using an attacker controlled IBM Spectrum Protect server, an attacker could exploit this vulnerability to bypass authentication and gain access to a limited number of debug functions, such as logging levels. IBM X-Force ID: 192153.",IBM,Spectrum Protect Operations Center,4.2,MEDIUM,0.0006000000284984708,false,,false,false,false,,,false,false,,2021-02-15T15:15:00.000Z,0
CVE-2020-4956,https://securityvulnerability.io/vulnerability/CVE-2020-4956,,"IBM Spectrum Protect Operations Center 7.1 and 8.1 is vulnerable to a denial of service, caused by a RPC that allows certain cache values to be set and dumped to a file. By setting a grossly large cache value and dumping that cached value to a file multiple times, a remote attacker could exploit this vulnerability to cause the consumption of all memory resources. IBM X-Force ID: 192156.",IBM,Spectrum Protect Operations Center,4.8,MEDIUM,0.000590000010561198,false,,false,false,false,,,false,false,,2021-02-15T15:15:00.000Z,0
CVE-2020-4771,https://securityvulnerability.io/vulnerability/CVE-2020-4771,,"IBM Spectrum Protect Operations Center 8.1.0.000 through 8.1.10.and 7.1.0.000 through 7.1.11 could allow a remote attacker to obtain sensitive information, caused by improper authentication of a websocket endpoint. By using known tools to subscribe to the websocket event stream, an attacker could exploit this vulnerability to obtain sensitive information. IBM X-Force ID: 188993.",IBM,Spectrum Protect Operations Center,5.3,MEDIUM,0.0010100000072270632,false,,false,false,false,,,false,false,,2020-11-23T17:15:00.000Z,0
CVE-2020-4693,https://securityvulnerability.io/vulnerability/CVE-2020-4693,,"IBM Spectrum Protect Operations Center 7.1.0.000 through 7.1.10 and 8.1.0.000 through 8.1.9 may allow an attacker to execute arbitrary code on the system, caused by improper validation of data prior to export. IBM X-Force ID: 186782.",IBM,Spectrum Protect Operations Center,9.1,CRITICAL,0.004449999891221523,false,,false,false,false,,,false,false,,2020-09-02T19:15:00.000Z,0