Vulnerabilites related to ibm - spectrum_protect_client
cve-2021-29672
Vulnerability from cvelistv5
Published
2021-04-26 16:30
Modified
2024-09-17 01:21
Summary
IBM Spectrum Protect Client 8.1.0.0-8 through 1.11.0 is vulnerable to a stack-based buffer overflow, caused by improper bounds checking when processing the current locale settings. A local attacker could overflow a buffer and execute arbitrary code on the system with elevated privileges or cause the application to crash. IBM X-Force ID: 199479
References
Impacted products
Vendor Product Version
IBM Spectrum Protect for Space Management Version: 8.1.0.0
Version: 8.1.11.0
Show details on NVD website


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T22:11:06.379Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://www.ibm.com/support/pages/node/6445497",
               },
               {
                  name: "ibm-spectrum-cve202129672-bo (199479)",
                  tags: [
                     "vdb-entry",
                     "x_refsource_XF",
                     "x_transferred",
                  ],
                  url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/199479",
               },
               {
                  name: "GLSA-202209-02",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_GENTOO",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/202209-02",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Spectrum Protect for Space Management",
               vendor: "IBM",
               versions: [
                  {
                     status: "affected",
                     version: "8.1.0.0",
                  },
                  {
                     status: "affected",
                     version: "8.1.11.0",
                  },
               ],
            },
         ],
         datePublic: "2021-04-23T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "IBM Spectrum Protect Client 8.1.0.0-8 through 1.11.0 is vulnerable to a stack-based buffer overflow, caused by improper bounds checking when processing the current locale settings. A local attacker could overflow a buffer and execute arbitrary code on the system with elevated privileges or cause the application to crash. IBM X-Force ID: 199479",
            },
         ],
         metrics: [
            {
               cvssV3_0: {
                  attackComplexity: "LOW",
                  attackVector: "LOCAL",
                  availabilityImpact: "HIGH",
                  baseScore: 8.4,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  exploitCodeMaturity: "UNPROVEN",
                  integrityImpact: "HIGH",
                  privilegesRequired: "NONE",
                  remediationLevel: "OFFICIAL_FIX",
                  reportConfidence: "CONFIRMED",
                  scope: "UNCHANGED",
                  temporalScore: 7.3,
                  temporalSeverity: "HIGH",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.0/AC:L/C:H/PR:N/AV:L/UI:N/I:H/S:U/A:H/E:U/RL:O/RC:C",
                  version: "3.0",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "Gain Privileges",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2022-09-07T04:06:19",
            orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522",
            shortName: "ibm",
         },
         references: [
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://www.ibm.com/support/pages/node/6445497",
            },
            {
               name: "ibm-spectrum-cve202129672-bo (199479)",
               tags: [
                  "vdb-entry",
                  "x_refsource_XF",
               ],
               url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/199479",
            },
            {
               name: "GLSA-202209-02",
               tags: [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
               ],
               url: "https://security.gentoo.org/glsa/202209-02",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@us.ibm.com",
               DATE_PUBLIC: "2021-04-23T00:00:00",
               ID: "CVE-2021-29672",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Spectrum Protect for Space Management",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "8.1.0.0",
                                       },
                                       {
                                          version_value: "8.1.11.0",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "IBM",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "IBM Spectrum Protect Client 8.1.0.0-8 through 1.11.0 is vulnerable to a stack-based buffer overflow, caused by improper bounds checking when processing the current locale settings. A local attacker could overflow a buffer and execute arbitrary code on the system with elevated privileges or cause the application to crash. IBM X-Force ID: 199479",
                  },
               ],
            },
            impact: {
               cvssv3: {
                  BM: {
                     A: "H",
                     AC: "L",
                     AV: "L",
                     C: "H",
                     I: "H",
                     PR: "N",
                     S: "U",
                     UI: "N",
                  },
                  TM: {
                     E: "U",
                     RC: "C",
                     RL: "O",
                  },
               },
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "Gain Privileges",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://www.ibm.com/support/pages/node/6445497",
                     refsource: "CONFIRM",
                     title: "IBM Security Bulletin 6445497 (Spectrum Protect for Space Management)",
                     url: "https://www.ibm.com/support/pages/node/6445497",
                  },
                  {
                     name: "ibm-spectrum-cve202129672-bo (199479)",
                     refsource: "XF",
                     title: "X-Force Vulnerability Report",
                     url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/199479",
                  },
                  {
                     name: "GLSA-202209-02",
                     refsource: "GENTOO",
                     url: "https://security.gentoo.org/glsa/202209-02",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522",
      assignerShortName: "ibm",
      cveId: "CVE-2021-29672",
      datePublished: "2021-04-26T16:30:45.624450Z",
      dateReserved: "2021-03-31T00:00:00",
      dateUpdated: "2024-09-17T01:21:21.614Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2020-4406
Vulnerability from cvelistv5
Published
2020-06-15 13:25
Modified
2024-09-17 00:15
Summary
IBM Spectrum Protect Client 8.1.7.0 through 8.1.9.1 (Linux and Windows), 8.1.9.0 trough 8.1.9.1 (AIX) and IBM Spectrum Protect for Space Management 8.1.7.0 through 8.1.9.1 (Linux), 8.1.9.0 through 8.1.9.1 (AIX) web user interfaces could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 179488.
Impacted products
Vendor Product Version
IBM Spectrum Protect Client (Linux and Windows) Version: 8.1.7.0
Version: 8.1.9.1
IBM Spectrum Protect Client (AIX) Version: 8.1.9.0
Version: 8.1.9.1
IBM Spectrum Protect for Space Management (AIX) Version: 8.1.9.0
Version: 8.1.9.1
IBM Spectrum Protect for Space Management (Linux) Version: 8.1.7.0
Version: 8.1.9.1
Show details on NVD website


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T08:00:06.943Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://www.ibm.com/support/pages/node/6221448",
               },
               {
                  name: "ibm-spectrum-cve20204406-clickjacking (179488)",
                  tags: [
                     "vdb-entry",
                     "x_refsource_XF",
                     "x_transferred",
                  ],
                  url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/179488",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Spectrum Protect Client (Linux and Windows)",
               vendor: "IBM",
               versions: [
                  {
                     status: "affected",
                     version: "8.1.7.0",
                  },
                  {
                     status: "affected",
                     version: "8.1.9.1",
                  },
               ],
            },
            {
               product: "Spectrum Protect Client (AIX)",
               vendor: "IBM",
               versions: [
                  {
                     status: "affected",
                     version: "8.1.9.0",
                  },
                  {
                     status: "affected",
                     version: "8.1.9.1",
                  },
               ],
            },
            {
               product: "Spectrum Protect for Space Management (AIX)",
               vendor: "IBM",
               versions: [
                  {
                     status: "affected",
                     version: "8.1.9.0",
                  },
                  {
                     status: "affected",
                     version: "8.1.9.1",
                  },
               ],
            },
            {
               product: "Spectrum Protect for Space Management (Linux)",
               vendor: "IBM",
               versions: [
                  {
                     status: "affected",
                     version: "8.1.7.0",
                  },
                  {
                     status: "affected",
                     version: "8.1.9.1",
                  },
               ],
            },
         ],
         datePublic: "2020-06-12T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "IBM Spectrum Protect Client 8.1.7.0 through 8.1.9.1 (Linux and Windows), 8.1.9.0 trough 8.1.9.1 (AIX) and IBM Spectrum Protect for Space Management 8.1.7.0 through 8.1.9.1 (Linux), 8.1.9.0 through 8.1.9.1 (AIX) web user interfaces could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 179488.",
            },
         ],
         metrics: [
            {
               cvssV3_0: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "NONE",
                  baseScore: 5.4,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "LOW",
                  exploitCodeMaturity: "UNPROVEN",
                  integrityImpact: "LOW",
                  privilegesRequired: "LOW",
                  remediationLevel: "OFFICIAL_FIX",
                  reportConfidence: "CONFIRMED",
                  scope: "CHANGED",
                  temporalScore: 4.7,
                  temporalSeverity: "MEDIUM",
                  userInteraction: "REQUIRED",
                  vectorString: "CVSS:3.0/AV:N/C:L/PR:L/AC:L/UI:R/S:C/A:N/I:L/E:U/RC:C/RL:O",
                  version: "3.0",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "Gain Access",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2020-06-15T13:25:25",
            orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522",
            shortName: "ibm",
         },
         references: [
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://www.ibm.com/support/pages/node/6221448",
            },
            {
               name: "ibm-spectrum-cve20204406-clickjacking (179488)",
               tags: [
                  "vdb-entry",
                  "x_refsource_XF",
               ],
               url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/179488",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@us.ibm.com",
               DATE_PUBLIC: "2020-06-12T00:00:00",
               ID: "CVE-2020-4406",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Spectrum Protect Client (Linux and Windows)",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "8.1.7.0",
                                       },
                                       {
                                          version_value: "8.1.9.1",
                                       },
                                    ],
                                 },
                              },
                              {
                                 product_name: "Spectrum Protect Client (AIX)",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "8.1.9.0",
                                       },
                                       {
                                          version_value: "8.1.9.1",
                                       },
                                    ],
                                 },
                              },
                              {
                                 product_name: "Spectrum Protect for Space Management (AIX)",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "8.1.9.0",
                                       },
                                       {
                                          version_value: "8.1.9.1",
                                       },
                                    ],
                                 },
                              },
                              {
                                 product_name: "Spectrum Protect for Space Management (Linux)",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "8.1.7.0",
                                       },
                                       {
                                          version_value: "8.1.9.1",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "IBM",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "IBM Spectrum Protect Client 8.1.7.0 through 8.1.9.1 (Linux and Windows), 8.1.9.0 trough 8.1.9.1 (AIX) and IBM Spectrum Protect for Space Management 8.1.7.0 through 8.1.9.1 (Linux), 8.1.9.0 through 8.1.9.1 (AIX) web user interfaces could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 179488.",
                  },
               ],
            },
            impact: {
               cvssv3: {
                  BM: {
                     A: "N",
                     AC: "L",
                     AV: "N",
                     C: "L",
                     I: "L",
                     PR: "L",
                     S: "C",
                     UI: "R",
                  },
                  TM: {
                     E: "U",
                     RC: "C",
                     RL: "O",
                  },
               },
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "Gain Access",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://www.ibm.com/support/pages/node/6221448",
                     refsource: "CONFIRM",
                     title: "IBM Security Bulletin 6221448 (Spectrum Protect Client (Linux and Windows))",
                     url: "https://www.ibm.com/support/pages/node/6221448",
                  },
                  {
                     name: "ibm-spectrum-cve20204406-clickjacking (179488)",
                     refsource: "XF",
                     title: "X-Force Vulnerability Report",
                     url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/179488",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522",
      assignerShortName: "ibm",
      cveId: "CVE-2020-4406",
      datePublished: "2020-06-15T13:25:25.338254Z",
      dateReserved: "2019-12-30T00:00:00",
      dateUpdated: "2024-09-17T00:15:44.616Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2020-4494
Vulnerability from cvelistv5
Published
2020-06-15 13:25
Modified
2024-09-17 02:41
Summary
IBM Spectrum Protect Client 8.1.7.0 through 8.1.9.1 (Linux and Windows), 8.1.9.0 trough 8.1.9.1 (AIX) and IBM Spectrum Protect for Space Management 8.1.7.0 through 8.1.9.1 (Linux), 8.1.9.0 through 8.1.9.1 (AIX) web user interfaces could allow an attacker to bypass authentication due to improper session validation which can result in access to unauthorized resources. IBM X-Force ID: 182019.
Impacted products
Vendor Product Version
IBM Spectrum Protect for Space Management (Linux) Version: 8.1.7.0
Version: 8.1.9.1
IBM Spectrum Protect for Space Management (AIX) Version: 8.1.9.0
Version: 8.1.9.1
IBM Spectrum Protect Client (AIX) Version: 8.1.9.0
Version: 8.1.9.1
IBM Spectrum Protect Client (Linux and Windows) Version: 8.1.7.0
Version: 8.1.9.1
Show details on NVD website


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T08:07:48.819Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://www.ibm.com/support/pages/node/6221448",
               },
               {
                  name: "ibm-spectrum-cve20204494-info-disc (182019)",
                  tags: [
                     "vdb-entry",
                     "x_refsource_XF",
                     "x_transferred",
                  ],
                  url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/182019",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Spectrum Protect for Space Management (Linux)",
               vendor: "IBM",
               versions: [
                  {
                     status: "affected",
                     version: "8.1.7.0",
                  },
                  {
                     status: "affected",
                     version: "8.1.9.1",
                  },
               ],
            },
            {
               product: "Spectrum Protect for Space Management (AIX)",
               vendor: "IBM",
               versions: [
                  {
                     status: "affected",
                     version: "8.1.9.0",
                  },
                  {
                     status: "affected",
                     version: "8.1.9.1",
                  },
               ],
            },
            {
               product: "Spectrum Protect Client (AIX)",
               vendor: "IBM",
               versions: [
                  {
                     status: "affected",
                     version: "8.1.9.0",
                  },
                  {
                     status: "affected",
                     version: "8.1.9.1",
                  },
               ],
            },
            {
               product: "Spectrum Protect Client (Linux and Windows)",
               vendor: "IBM",
               versions: [
                  {
                     status: "affected",
                     version: "8.1.7.0",
                  },
                  {
                     status: "affected",
                     version: "8.1.9.1",
                  },
               ],
            },
         ],
         datePublic: "2020-06-12T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "IBM Spectrum Protect Client 8.1.7.0 through 8.1.9.1 (Linux and Windows), 8.1.9.0 trough 8.1.9.1 (AIX) and IBM Spectrum Protect for Space Management 8.1.7.0 through 8.1.9.1 (Linux), 8.1.9.0 through 8.1.9.1 (AIX) web user interfaces could allow an attacker to bypass authentication due to improper session validation which can result in access to unauthorized resources. IBM X-Force ID: 182019.",
            },
         ],
         metrics: [
            {
               cvssV3_0: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "NONE",
                  baseScore: 7.5,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  exploitCodeMaturity: "UNPROVEN",
                  integrityImpact: "NONE",
                  privilegesRequired: "NONE",
                  remediationLevel: "OFFICIAL_FIX",
                  reportConfidence: "CONFIRMED",
                  scope: "UNCHANGED",
                  temporalScore: 6.5,
                  temporalSeverity: "MEDIUM",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.0/I:N/A:N/S:U/UI:N/C:H/AC:L/PR:N/AV:N/RL:O/RC:C/E:U",
                  version: "3.0",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "Obtain Information",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2020-06-15T13:25:27",
            orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522",
            shortName: "ibm",
         },
         references: [
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://www.ibm.com/support/pages/node/6221448",
            },
            {
               name: "ibm-spectrum-cve20204494-info-disc (182019)",
               tags: [
                  "vdb-entry",
                  "x_refsource_XF",
               ],
               url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/182019",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@us.ibm.com",
               DATE_PUBLIC: "2020-06-12T00:00:00",
               ID: "CVE-2020-4494",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Spectrum Protect for Space Management (Linux)",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "8.1.7.0",
                                       },
                                       {
                                          version_value: "8.1.9.1",
                                       },
                                    ],
                                 },
                              },
                              {
                                 product_name: "Spectrum Protect for Space Management (AIX)",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "8.1.9.0",
                                       },
                                       {
                                          version_value: "8.1.9.1",
                                       },
                                    ],
                                 },
                              },
                              {
                                 product_name: "Spectrum Protect Client (AIX)",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "8.1.9.0",
                                       },
                                       {
                                          version_value: "8.1.9.1",
                                       },
                                    ],
                                 },
                              },
                              {
                                 product_name: "Spectrum Protect Client (Linux and Windows)",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "8.1.7.0",
                                       },
                                       {
                                          version_value: "8.1.9.1",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "IBM",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "IBM Spectrum Protect Client 8.1.7.0 through 8.1.9.1 (Linux and Windows), 8.1.9.0 trough 8.1.9.1 (AIX) and IBM Spectrum Protect for Space Management 8.1.7.0 through 8.1.9.1 (Linux), 8.1.9.0 through 8.1.9.1 (AIX) web user interfaces could allow an attacker to bypass authentication due to improper session validation which can result in access to unauthorized resources. IBM X-Force ID: 182019.",
                  },
               ],
            },
            impact: {
               cvssv3: {
                  BM: {
                     A: "N",
                     AC: "L",
                     AV: "N",
                     C: "H",
                     I: "N",
                     PR: "N",
                     S: "U",
                     UI: "N",
                  },
                  TM: {
                     E: "U",
                     RC: "C",
                     RL: "O",
                  },
               },
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "Obtain Information",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://www.ibm.com/support/pages/node/6221448",
                     refsource: "CONFIRM",
                     title: "IBM Security Bulletin 6221448 (Spectrum Protect Client (Linux and Windows))",
                     url: "https://www.ibm.com/support/pages/node/6221448",
                  },
                  {
                     name: "ibm-spectrum-cve20204494-info-disc (182019)",
                     refsource: "XF",
                     title: "X-Force Vulnerability Report",
                     url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/182019",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522",
      assignerShortName: "ibm",
      cveId: "CVE-2020-4494",
      datePublished: "2020-06-15T13:25:27.712455Z",
      dateReserved: "2019-12-30T00:00:00",
      dateUpdated: "2024-09-17T02:41:34.476Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2023-33832
Vulnerability from cvelistv5
Published
2023-07-19 00:51
Modified
2024-10-21 14:09
Summary
IBM Spectrum Protect 8.1.0.0 through 8.1.17.0 could allow a local user to cause a denial of service due to due to improper time-of-check to time-of-use functionality. IBM X-Force ID: 256012.
Impacted products
Vendor Product Version
IBM Storage Protect Version: 8.1.0.0    8.1.17.0
Show details on NVD website


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-02T15:54:12.475Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://www.ibm.com/support/pages/node/7011761",
               },
               {
                  tags: [
                     "vdb-entry",
                     "x_transferred",
                  ],
                  url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/256012",
               },
            ],
            title: "CVE Program Container",
         },
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2023-33832",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "no",
                           },
                           {
                              "Technical Impact": "partial",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-10-21T14:07:50.898246Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-10-21T14:09:02.331Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               defaultStatus: "unaffected",
               product: "Storage Protect",
               vendor: "IBM",
               versions: [
                  {
                     lessThanOrEqual: "8.1.17.0",
                     status: "affected",
                     version: "8.1.0.0",
                     versionType: "semver",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               supportingMedia: [
                  {
                     base64: false,
                     type: "text/html",
                     value: "IBM Spectrum Protect 8.1.0.0 through 8.1.17.0 could allow a local user to cause a denial of service due to due to improper time-of-check to time-of-use functionality.  IBM X-Force ID:  256012.",
                  },
               ],
               value: "IBM Spectrum Protect 8.1.0.0 through 8.1.17.0 could allow a local user to cause a denial of service due to due to improper time-of-check to time-of-use functionality.  IBM X-Force ID:  256012.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "LOW",
                  attackVector: "LOCAL",
                  availabilityImpact: "HIGH",
                  baseScore: 6.2,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "NONE",
                  integrityImpact: "NONE",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                  version: "3.1",
               },
               format: "CVSS",
               scenarios: [
                  {
                     lang: "en",
                     value: "GENERAL",
                  },
               ],
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-20",
                     description: "CWE-20 Improper Input Validation",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-07-19T00:51:17.495Z",
            orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522",
            shortName: "ibm",
         },
         references: [
            {
               tags: [
                  "vendor-advisory",
               ],
               url: "https://www.ibm.com/support/pages/node/7011761",
            },
            {
               tags: [
                  "vdb-entry",
               ],
               url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/256012",
            },
         ],
         source: {
            discovery: "UNKNOWN",
         },
         title: "IBM Storage Protect denial of service",
         x_generator: {
            engine: "Vulnogram 0.1.0-dev",
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522",
      assignerShortName: "ibm",
      cveId: "CVE-2023-33832",
      datePublished: "2023-07-19T00:51:17.495Z",
      dateReserved: "2023-05-23T00:31:47.069Z",
      dateUpdated: "2024-10-21T14:09:02.331Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2018-1785
Vulnerability from cvelistv5
Published
2018-09-26 15:00
Modified
2024-09-16 17:04
Summary
IBM Tivoli Storage Manager (IBM Spectrum Protect 7.1 and 8.1) uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt sensitive information. IBM X-Force ID: 148870.
Impacted products
Vendor Product Version
IBM Spectrum Protect Version: 7.1
Version: 8.1
Show details on NVD website


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T04:07:44.387Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://www.ibm.com/support/docview.wss?uid=ibm10729873",
               },
               {
                  name: "1041716",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://www.securitytracker.com/id/1041716",
               },
               {
                  name: "ibm-tivoli-cve20181785-info-disc(148870)",
                  tags: [
                     "vdb-entry",
                     "x_refsource_XF",
                     "x_transferred",
                  ],
                  url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/148870",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Spectrum Protect",
               vendor: "IBM",
               versions: [
                  {
                     status: "affected",
                     version: "7.1",
                  },
                  {
                     status: "affected",
                     version: "8.1",
                  },
               ],
            },
         ],
         datePublic: "2018-09-24T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "IBM Tivoli Storage Manager (IBM Spectrum Protect 7.1 and 8.1) uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt sensitive information. IBM X-Force ID: 148870.",
            },
         ],
         metrics: [
            {
               cvssV3_0: {
                  attackComplexity: "HIGH",
                  attackVector: "NETWORK",
                  availabilityImpact: "NONE",
                  baseScore: 3.7,
                  baseSeverity: "LOW",
                  confidentialityImpact: "LOW",
                  exploitCodeMaturity: "UNPROVEN",
                  integrityImpact: "NONE",
                  privilegesRequired: "NONE",
                  remediationLevel: "OFFICIAL_FIX",
                  reportConfidence: "CONFIRMED",
                  scope: "UNCHANGED",
                  temporalScore: 3.2,
                  temporalSeverity: "LOW",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.0/A:N/AC:H/AV:N/C:L/I:N/PR:N/S:U/UI:N/E:U/RC:C/RL:O",
                  version: "3.0",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "Obtain Information",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2018-09-27T09:57:01",
            orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522",
            shortName: "ibm",
         },
         references: [
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://www.ibm.com/support/docview.wss?uid=ibm10729873",
            },
            {
               name: "1041716",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://www.securitytracker.com/id/1041716",
            },
            {
               name: "ibm-tivoli-cve20181785-info-disc(148870)",
               tags: [
                  "vdb-entry",
                  "x_refsource_XF",
               ],
               url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/148870",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@us.ibm.com",
               DATE_PUBLIC: "2018-09-24T00:00:00",
               ID: "CVE-2018-1785",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Spectrum Protect",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "7.1",
                                       },
                                       {
                                          version_value: "8.1",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "IBM",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "IBM Tivoli Storage Manager (IBM Spectrum Protect 7.1 and 8.1) uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt sensitive information. IBM X-Force ID: 148870.",
                  },
               ],
            },
            impact: {
               cvssv3: {
                  BM: {
                     A: "N",
                     AC: "H",
                     AV: "N",
                     C: "L",
                     I: "N",
                     PR: "N",
                     S: "U",
                     UI: "N",
                  },
                  TM: {
                     E: "U",
                     RC: "C",
                     RL: "O",
                  },
               },
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "Obtain Information",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "http://www.ibm.com/support/docview.wss?uid=ibm10729873",
                     refsource: "CONFIRM",
                     url: "http://www.ibm.com/support/docview.wss?uid=ibm10729873",
                  },
                  {
                     name: "1041716",
                     refsource: "SECTRACK",
                     url: "http://www.securitytracker.com/id/1041716",
                  },
                  {
                     name: "ibm-tivoli-cve20181785-info-disc(148870)",
                     refsource: "XF",
                     url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/148870",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522",
      assignerShortName: "ibm",
      cveId: "CVE-2018-1785",
      datePublished: "2018-09-26T15:00:00Z",
      dateReserved: "2017-12-13T00:00:00",
      dateUpdated: "2024-09-16T17:04:14.997Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2018-1545
Vulnerability from cvelistv5
Published
2018-09-26 15:00
Modified
2024-09-17 02:53
Summary
IBM Tivoli Storage Manager (IBM Spectrum Protect 7.1 and 8.1) uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 142649.
Impacted products
Vendor Product Version
IBM Spectrum Protect Version: 7.1
Version: 8.1
Show details on NVD website


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T04:07:43.312Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "ibm-tsm-cve20181545-info-disc(142649)",
                  tags: [
                     "vdb-entry",
                     "x_refsource_XF",
                     "x_transferred",
                  ],
                  url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/142649",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://www.ibm.com/support/docview.wss?uid=ibm10718013",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Spectrum Protect",
               vendor: "IBM",
               versions: [
                  {
                     status: "affected",
                     version: "7.1",
                  },
                  {
                     status: "affected",
                     version: "8.1",
                  },
               ],
            },
         ],
         datePublic: "2018-09-24T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "IBM Tivoli Storage Manager (IBM Spectrum Protect 7.1 and 8.1) uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 142649.",
            },
         ],
         metrics: [
            {
               cvssV3_0: {
                  attackComplexity: "HIGH",
                  attackVector: "NETWORK",
                  availabilityImpact: "NONE",
                  baseScore: 5.9,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "HIGH",
                  exploitCodeMaturity: "UNPROVEN",
                  integrityImpact: "NONE",
                  privilegesRequired: "NONE",
                  remediationLevel: "OFFICIAL_FIX",
                  reportConfidence: "CONFIRMED",
                  scope: "UNCHANGED",
                  temporalScore: 5.2,
                  temporalSeverity: "MEDIUM",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.0/A:N/AC:H/AV:N/C:H/I:N/PR:N/S:U/UI:N/E:U/RC:C/RL:O",
                  version: "3.0",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "Obtain Information",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2018-09-26T14:57:01",
            orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522",
            shortName: "ibm",
         },
         references: [
            {
               name: "ibm-tsm-cve20181545-info-disc(142649)",
               tags: [
                  "vdb-entry",
                  "x_refsource_XF",
               ],
               url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/142649",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://www.ibm.com/support/docview.wss?uid=ibm10718013",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@us.ibm.com",
               DATE_PUBLIC: "2018-09-24T00:00:00",
               ID: "CVE-2018-1545",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Spectrum Protect",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "7.1",
                                       },
                                       {
                                          version_value: "8.1",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "IBM",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "IBM Tivoli Storage Manager (IBM Spectrum Protect 7.1 and 8.1) uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 142649.",
                  },
               ],
            },
            impact: {
               cvssv3: {
                  BM: {
                     A: "N",
                     AC: "H",
                     AV: "N",
                     C: "H",
                     I: "N",
                     PR: "N",
                     S: "U",
                     UI: "N",
                  },
                  TM: {
                     E: "U",
                     RC: "C",
                     RL: "O",
                  },
               },
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "Obtain Information",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "ibm-tsm-cve20181545-info-disc(142649)",
                     refsource: "XF",
                     url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/142649",
                  },
                  {
                     name: "http://www.ibm.com/support/docview.wss?uid=ibm10718013",
                     refsource: "CONFIRM",
                     url: "http://www.ibm.com/support/docview.wss?uid=ibm10718013",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522",
      assignerShortName: "ibm",
      cveId: "CVE-2018-1545",
      datePublished: "2018-09-26T15:00:00Z",
      dateReserved: "2017-12-13T00:00:00",
      dateUpdated: "2024-09-17T02:53:23.872Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2022-22474
Vulnerability from cvelistv5
Published
2022-06-30 16:25
Modified
2024-09-16 17:07
Summary
IBM Spectrum Protect 8.1.0.0 through 8.1.14.0 dsmcad, dsmc, and dsmcsvc processes incorrectly handle certain read operations on TCP/IP sockets. This can result in a denial of service for IBM Spectrum Protect client operations. IBM X-Force ID: 225348.
Impacted products
Vendor Product Version
IBM Spectrum Protect Client Version: 8.1.0.0
Version: 8.1.14.0
Show details on NVD website


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T03:14:55.264Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://www.ibm.com/support/pages/node/6596741",
               },
               {
                  name: "ibm-spectrum-cve202222474-dos (225348)",
                  tags: [
                     "vdb-entry",
                     "x_refsource_XF",
                     "x_transferred",
                  ],
                  url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/225348",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Spectrum Protect Client",
               vendor: "IBM",
               versions: [
                  {
                     status: "affected",
                     version: "8.1.0.0",
                  },
                  {
                     status: "affected",
                     version: "8.1.14.0",
                  },
               ],
            },
         ],
         datePublic: "2022-06-29T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "IBM Spectrum Protect 8.1.0.0 through 8.1.14.0 dsmcad, dsmc, and dsmcsvc processes incorrectly handle certain read operations on TCP/IP sockets. This can result in a denial of service for IBM Spectrum Protect client operations. IBM X-Force ID: 225348.",
            },
         ],
         metrics: [
            {
               cvssV3_0: {
                  attackComplexity: "HIGH",
                  attackVector: "NETWORK",
                  availabilityImpact: "HIGH",
                  baseScore: 5.9,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "NONE",
                  exploitCodeMaturity: "UNPROVEN",
                  integrityImpact: "NONE",
                  privilegesRequired: "NONE",
                  remediationLevel: "OFFICIAL_FIX",
                  reportConfidence: "CONFIRMED",
                  scope: "UNCHANGED",
                  temporalScore: 5.2,
                  temporalSeverity: "MEDIUM",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.0/A:H/S:U/AV:N/UI:N/AC:H/C:N/I:N/PR:N/RC:C/E:U/RL:O",
                  version: "3.0",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "Denial of Service",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2022-06-30T16:25:16",
            orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522",
            shortName: "ibm",
         },
         references: [
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://www.ibm.com/support/pages/node/6596741",
            },
            {
               name: "ibm-spectrum-cve202222474-dos (225348)",
               tags: [
                  "vdb-entry",
                  "x_refsource_XF",
               ],
               url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/225348",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@us.ibm.com",
               DATE_PUBLIC: "2022-06-29T00:00:00",
               ID: "CVE-2022-22474",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Spectrum Protect Client",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "8.1.0.0",
                                       },
                                       {
                                          version_value: "8.1.14.0",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "IBM",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "IBM Spectrum Protect 8.1.0.0 through 8.1.14.0 dsmcad, dsmc, and dsmcsvc processes incorrectly handle certain read operations on TCP/IP sockets. This can result in a denial of service for IBM Spectrum Protect client operations. IBM X-Force ID: 225348.",
                  },
               ],
            },
            impact: {
               cvssv3: {
                  BM: {
                     A: "H",
                     AC: "H",
                     AV: "N",
                     C: "N",
                     I: "N",
                     PR: "N",
                     S: "U",
                     UI: "N",
                  },
                  TM: {
                     E: "U",
                     RC: "C",
                     RL: "O",
                  },
               },
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "Denial of Service",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://www.ibm.com/support/pages/node/6596741",
                     refsource: "CONFIRM",
                     title: "IBM Security Bulletin 6596741 (Spectrum Protect Client)",
                     url: "https://www.ibm.com/support/pages/node/6596741",
                  },
                  {
                     name: "ibm-spectrum-cve202222474-dos (225348)",
                     refsource: "XF",
                     title: "X-Force Vulnerability Report",
                     url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/225348",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522",
      assignerShortName: "ibm",
      cveId: "CVE-2022-22474",
      datePublished: "2022-06-30T16:25:16.784364Z",
      dateReserved: "2022-01-03T00:00:00",
      dateUpdated: "2024-09-16T17:07:59.406Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2022-22478
Vulnerability from cvelistv5
Published
2022-06-30 16:25
Modified
2024-09-16 20:32
Summary
IBM Spectrum Protect Client 8.1.0.0 through 8.1.14.0 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 225886.
Impacted products
Vendor Product Version
IBM Spectrum Protect Client Version: 8.1.0.0
Version: 8.1.14.0
Show details on NVD website


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T03:14:55.176Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://www.ibm.com/support/pages/node/6596741",
               },
               {
                  name: "ibm-spectrum-cve202222478-info-disc (225886)",
                  tags: [
                     "vdb-entry",
                     "x_refsource_XF",
                     "x_transferred",
                  ],
                  url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/225886",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Spectrum Protect Client",
               vendor: "IBM",
               versions: [
                  {
                     status: "affected",
                     version: "8.1.0.0",
                  },
                  {
                     status: "affected",
                     version: "8.1.14.0",
                  },
               ],
            },
         ],
         datePublic: "2022-06-29T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "IBM Spectrum Protect Client 8.1.0.0 through 8.1.14.0 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 225886.",
            },
         ],
         metrics: [
            {
               cvssV3_0: {
                  attackComplexity: "LOW",
                  attackVector: "LOCAL",
                  availabilityImpact: "NONE",
                  baseScore: 6.2,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "HIGH",
                  exploitCodeMaturity: "UNPROVEN",
                  integrityImpact: "NONE",
                  privilegesRequired: "NONE",
                  remediationLevel: "OFFICIAL_FIX",
                  reportConfidence: "CONFIRMED",
                  scope: "UNCHANGED",
                  temporalScore: 5.4,
                  temporalSeverity: "MEDIUM",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.0/C:H/I:N/PR:N/AV:L/AC:L/UI:N/S:U/A:N/RL:O/RC:C/E:U",
                  version: "3.0",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "Obtain Information",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2022-06-30T16:25:21",
            orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522",
            shortName: "ibm",
         },
         references: [
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://www.ibm.com/support/pages/node/6596741",
            },
            {
               name: "ibm-spectrum-cve202222478-info-disc (225886)",
               tags: [
                  "vdb-entry",
                  "x_refsource_XF",
               ],
               url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/225886",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@us.ibm.com",
               DATE_PUBLIC: "2022-06-29T00:00:00",
               ID: "CVE-2022-22478",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Spectrum Protect Client",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "8.1.0.0",
                                       },
                                       {
                                          version_value: "8.1.14.0",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "IBM",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "IBM Spectrum Protect Client 8.1.0.0 through 8.1.14.0 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 225886.",
                  },
               ],
            },
            impact: {
               cvssv3: {
                  BM: {
                     A: "N",
                     AC: "L",
                     AV: "L",
                     C: "H",
                     I: "N",
                     PR: "N",
                     S: "U",
                     UI: "N",
                  },
                  TM: {
                     E: "U",
                     RC: "C",
                     RL: "O",
                  },
               },
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "Obtain Information",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://www.ibm.com/support/pages/node/6596741",
                     refsource: "CONFIRM",
                     title: "IBM Security Bulletin 6596741 (Spectrum Protect Client)",
                     url: "https://www.ibm.com/support/pages/node/6596741",
                  },
                  {
                     name: "ibm-spectrum-cve202222478-info-disc (225886)",
                     refsource: "XF",
                     title: "X-Force Vulnerability Report",
                     url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/225886",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522",
      assignerShortName: "ibm",
      cveId: "CVE-2022-22478",
      datePublished: "2022-06-30T16:25:21.094393Z",
      dateReserved: "2022-01-03T00:00:00",
      dateUpdated: "2024-09-16T20:32:09.329Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2021-20546
Vulnerability from cvelistv5
Published
2021-04-26 16:30
Modified
2024-09-16 19:19
Summary
IBM Spectrum Protect Client 8.1.0.0 through 8.1.11.0 is vulnerable to a stack-based buffer overflow, caused by improper bounds checking. A local attacker could overflow a buffer and cause the application to crash. IBM X-Force ID: 198934
Impacted products
Vendor Product Version
IBM Spectrum Protect for Space Management Version: 8.1.0.0
Version: 8.1.11.0
Show details on NVD website


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T17:45:44.293Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://www.ibm.com/support/pages/node/6445497",
               },
               {
                  name: "ibm-spectrum-cve202120546-bo (198934)",
                  tags: [
                     "vdb-entry",
                     "x_refsource_XF",
                     "x_transferred",
                  ],
                  url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/198934",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Spectrum Protect for Space Management",
               vendor: "IBM",
               versions: [
                  {
                     status: "affected",
                     version: "8.1.0.0",
                  },
                  {
                     status: "affected",
                     version: "8.1.11.0",
                  },
               ],
            },
         ],
         datePublic: "2021-04-23T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "IBM Spectrum Protect Client 8.1.0.0 through 8.1.11.0 is vulnerable to a stack-based buffer overflow, caused by improper bounds checking. A local attacker could overflow a buffer and cause the application to crash. IBM X-Force ID: 198934",
            },
         ],
         metrics: [
            {
               cvssV3_0: {
                  attackComplexity: "LOW",
                  attackVector: "LOCAL",
                  availabilityImpact: "HIGH",
                  baseScore: 6.2,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "NONE",
                  exploitCodeMaturity: "UNPROVEN",
                  integrityImpact: "NONE",
                  privilegesRequired: "NONE",
                  remediationLevel: "OFFICIAL_FIX",
                  reportConfidence: "CONFIRMED",
                  scope: "UNCHANGED",
                  temporalScore: 5.4,
                  temporalSeverity: "MEDIUM",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.0/A:H/S:U/I:N/UI:N/AV:L/AC:L/C:N/PR:N/RL:O/RC:C/E:U",
                  version: "3.0",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "Denial of Service",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2021-04-26T16:30:44",
            orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522",
            shortName: "ibm",
         },
         references: [
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://www.ibm.com/support/pages/node/6445497",
            },
            {
               name: "ibm-spectrum-cve202120546-bo (198934)",
               tags: [
                  "vdb-entry",
                  "x_refsource_XF",
               ],
               url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/198934",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@us.ibm.com",
               DATE_PUBLIC: "2021-04-23T00:00:00",
               ID: "CVE-2021-20546",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Spectrum Protect for Space Management",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "8.1.0.0",
                                       },
                                       {
                                          version_value: "8.1.11.0",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "IBM",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "IBM Spectrum Protect Client 8.1.0.0 through 8.1.11.0 is vulnerable to a stack-based buffer overflow, caused by improper bounds checking. A local attacker could overflow a buffer and cause the application to crash. IBM X-Force ID: 198934",
                  },
               ],
            },
            impact: {
               cvssv3: {
                  BM: {
                     A: "H",
                     AC: "L",
                     AV: "L",
                     C: "N",
                     I: "N",
                     PR: "N",
                     S: "U",
                     UI: "N",
                  },
                  TM: {
                     E: "U",
                     RC: "C",
                     RL: "O",
                  },
               },
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "Denial of Service",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://www.ibm.com/support/pages/node/6445497",
                     refsource: "CONFIRM",
                     title: "IBM Security Bulletin 6445497 (Spectrum Protect for Space Management)",
                     url: "https://www.ibm.com/support/pages/node/6445497",
                  },
                  {
                     name: "ibm-spectrum-cve202120546-bo (198934)",
                     refsource: "XF",
                     title: "X-Force Vulnerability Report",
                     url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/198934",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522",
      assignerShortName: "ibm",
      cveId: "CVE-2021-20546",
      datePublished: "2021-04-26T16:30:44.990531Z",
      dateReserved: "2020-12-17T00:00:00",
      dateUpdated: "2024-09-16T19:19:34.477Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

Vulnerability from fkie_nvd
Published
2021-04-26 17:15
Modified
2024-11-21 06:01
Summary
IBM Spectrum Protect Client 8.1.0.0-8 through 1.11.0 is vulnerable to a stack-based buffer overflow, caused by improper bounds checking when processing the current locale settings. A local attacker could overflow a buffer and execute arbitrary code on the system with elevated privileges or cause the application to crash. IBM X-Force ID: 199479
Impacted products



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:ibm:spectrum_protect_client:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "CC8077DA-B6EF-49D6-BB96-7902E1E2DAEB",
                     versionEndIncluding: "8.1.11.0",
                     versionStartIncluding: "8.1.0.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:ibm:spectrum_protect_for_space_management:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "947CD7E1-82FC-4883-BECD-BC764C3720C2",
                     versionEndIncluding: "8.1.11.0",
                     versionStartIncluding: "8.1.0.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "IBM Spectrum Protect Client 8.1.0.0-8 through 1.11.0 is vulnerable to a stack-based buffer overflow, caused by improper bounds checking when processing the current locale settings. A local attacker could overflow a buffer and execute arbitrary code on the system with elevated privileges or cause the application to crash. IBM X-Force ID: 199479",
      },
      {
         lang: "es",
         value: "IBM Spectrum Protect Client versiones 8.1.0.0-8 hasta 1.11.0, es vulnerable a un desbordamiento del búfer en la región stack de la memoria, causado por una comprobación de límites inapropiada al procesar la configuración local actual. Un atacante local podría desbordar un búfer y ejecutar código arbitrario en el sistema con privilegios elevados o causar que la aplicación se bloquee. IBM X-Force ID: 199479",
      },
   ],
   id: "CVE-2021-29672",
   lastModified: "2024-11-21T06:01:37.297",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "LOCAL",
               authentication: "NONE",
               availabilityImpact: "COMPLETE",
               baseScore: 7.2,
               confidentialityImpact: "COMPLETE",
               integrityImpact: "COMPLETE",
               vectorString: "AV:L/AC:L/Au:N/C:C/I:C/A:C",
               version: "2.0",
            },
            exploitabilityScore: 3.9,
            impactScore: 10,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "LOCAL",
               availabilityImpact: "HIGH",
               baseScore: 8.4,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
               version: "3.0",
            },
            exploitabilityScore: 2.5,
            impactScore: 5.9,
            source: "psirt@us.ibm.com",
            type: "Secondary",
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "LOCAL",
               availabilityImpact: "HIGH",
               baseScore: 7.8,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 1.8,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2021-04-26T17:15:08.833",
   references: [
      {
         source: "psirt@us.ibm.com",
         tags: [
            "VDB Entry",
            "Vendor Advisory",
         ],
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/199479",
      },
      {
         source: "psirt@us.ibm.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.gentoo.org/glsa/202209-02",
      },
      {
         source: "psirt@us.ibm.com",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://www.ibm.com/support/pages/node/6445497",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "VDB Entry",
            "Vendor Advisory",
         ],
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/199479",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.gentoo.org/glsa/202209-02",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://www.ibm.com/support/pages/node/6445497",
      },
   ],
   sourceIdentifier: "psirt@us.ibm.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-787",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2018-09-26 15:29
Modified
2024-11-21 03:59
Summary
IBM Tivoli Storage Manager (IBM Spectrum Protect 7.1 and 8.1) uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 142649.



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:ibm:spectrum_protect_client:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "E53BA560-7C88-47FE-AF8B-C72AD6DB9EEC",
                     versionEndIncluding: "7.1.8.2",
                     versionStartIncluding: "7.1.0.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:ibm:spectrum_protect_client:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "EECD508A-E250-4AC3-BECD-F3F956A7E897",
                     versionEndIncluding: "8.1.4.1",
                     versionStartIncluding: "8.1.0.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:ibm:spectrum_protect_for_virtual_environments:*:*:*:*:*:hyper-v:*:*",
                     matchCriteriaId: "0E542501-5E67-4324-9417-A76F9F044FEF",
                     versionEndIncluding: "7.1.8.0",
                     versionStartIncluding: "7.1.0.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:ibm:spectrum_protect_for_virtual_environments:*:*:*:*:*:vmware:*:*",
                     matchCriteriaId: "88858B46-CC87-49B7-A037-DE9477A924F0",
                     versionEndIncluding: "7.1.8.2",
                     versionStartIncluding: "7.1.0.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:ibm:spectrum_protect_for_virtual_environments:*:*:*:*:*:hyper-v:*:*",
                     matchCriteriaId: "E4626711-BD4F-4B6F-9804-AAC4A23157B4",
                     versionEndIncluding: "8.1.4.0",
                     versionStartIncluding: "8.1.0.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:ibm:spectrum_protect_for_virtual_environments:*:*:*:*:*:vmware:*:*",
                     matchCriteriaId: "D2FD41DB-726D-4A5B-912C-6DE81A36E8B9",
                     versionEndIncluding: "8.1.4.1",
                     versionStartIncluding: "8.1.0.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:ibm:spectrum_protect_client:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "F746BC96-C46F-4BA3-B6FB-0EF0677AF3B6",
                     versionEndIncluding: "8.1.4.2",
                     versionStartIncluding: "8.1.0.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "387021A0-AF36-463C-A605-32EA7DAC172E",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "IBM Tivoli Storage Manager (IBM Spectrum Protect 7.1 and 8.1) uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 142649.",
      },
      {
         lang: "es",
         value: "IBM Tivoli Storage Manager (IBM Spectrum Protect 7.1 y 8.1) emplea algoritmos criptográficos más débiles de lo esperado que podrían permitir que un atacante descifre información altamente sensible. IBM X-Force ID: 142649.",
      },
   ],
   id: "CVE-2018-1545",
   lastModified: "2024-11-21T03:59:59.380",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 5,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "HIGH",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 5.9,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "HIGH",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
               version: "3.0",
            },
            exploitabilityScore: 2.2,
            impactScore: 3.6,
            source: "psirt@us.ibm.com",
            type: "Secondary",
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 7.5,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2018-09-26T15:29:00.247",
   references: [
      {
         source: "psirt@us.ibm.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://www.ibm.com/support/docview.wss?uid=ibm10718013",
      },
      {
         source: "psirt@us.ibm.com",
         tags: [
            "VDB Entry",
            "Vendor Advisory",
         ],
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/142649",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://www.ibm.com/support/docview.wss?uid=ibm10718013",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "VDB Entry",
            "Vendor Advisory",
         ],
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/142649",
      },
   ],
   sourceIdentifier: "psirt@us.ibm.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-326",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2022-06-30 17:15
Modified
2024-11-21 06:46
Summary
IBM Spectrum Protect Client 8.1.0.0 through 8.1.14.0 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 225886.
Impacted products



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:ibm:spectrum_protect_client:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "21FDA430-328E-4EF0-B816-1ECD2CB5566B",
                     versionEndIncluding: "8.1.14.0",
                     versionStartIncluding: "8.1.0.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "387021A0-AF36-463C-A605-32EA7DAC172E",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:o:hp:hp-ux:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "F480AA32-841A-4E68-9343-B2E7548B0A0C",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "E492C463-D76E-49B7-A4D4-3B499E422D89",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "A2572D17-1DE6-457B-99CC-64AFD54487EA",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:o:oracle:solaris:-:*:*:*:*:*:-:*",
                     matchCriteriaId: "F5027746-8216-452D-83C5-2F8E9546F2A5",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "IBM Spectrum Protect Client 8.1.0.0 through 8.1.14.0 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 225886.",
      },
      {
         lang: "es",
         value: "IBM Spectrum Protect Client versiones 8.1.0.0 hasta 8.1.14.0, almacena las credenciales de usuario en texto sin cifrar que puede leer un usuario local. IBM X-Force ID: 225886",
      },
   ],
   id: "CVE-2022-22478",
   lastModified: "2024-11-21T06:46:52.097",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "LOW",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "LOCAL",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 2.1,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "NONE",
               vectorString: "AV:L/AC:L/Au:N/C:P/I:N/A:N",
               version: "2.0",
            },
            exploitabilityScore: 3.9,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "LOCAL",
               availabilityImpact: "NONE",
               baseScore: 6.2,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "HIGH",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
               version: "3.0",
            },
            exploitabilityScore: 2.5,
            impactScore: 3.6,
            source: "psirt@us.ibm.com",
            type: "Secondary",
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "LOCAL",
               availabilityImpact: "NONE",
               baseScore: 5.5,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "HIGH",
               integrityImpact: "NONE",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
               version: "3.1",
            },
            exploitabilityScore: 1.8,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2022-06-30T17:15:07.797",
   references: [
      {
         source: "psirt@us.ibm.com",
         tags: [
            "VDB Entry",
         ],
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/225886",
      },
      {
         source: "psirt@us.ibm.com",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://www.ibm.com/support/pages/node/6596741",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "VDB Entry",
         ],
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/225886",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://www.ibm.com/support/pages/node/6596741",
      },
   ],
   sourceIdentifier: "psirt@us.ibm.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-312",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2023-07-19 01:15
Modified
2024-11-21 08:06
Summary
IBM Spectrum Protect 8.1.0.0 through 8.1.17.0 could allow a local user to cause a denial of service due to due to improper time-of-check to time-of-use functionality. IBM X-Force ID: 256012.



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:ibm:spectrum_protect_client:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "026E0DA7-7069-41A4-A6C3-A5E5DC7DD138",
                     versionEndIncluding: "8.1.17.0",
                     versionStartIncluding: "8.1.0.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:ibm:spectrum_protect_for_space_management:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "6B777AAC-5B05-4FAB-860C-5042B36E1D67",
                     versionEndIncluding: "8.1.17.0",
                     versionStartIncluding: "8.1.0.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:ibm:spectrum_protect_for_virtual_environments:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "B371E35A-1EE9-4592-9A20-D52C07F5E534",
                     versionEndIncluding: "8.1.17.0",
                     versionStartIncluding: "8.1.0.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "E492C463-D76E-49B7-A4D4-3B499E422D89",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "IBM Spectrum Protect 8.1.0.0 through 8.1.17.0 could allow a local user to cause a denial of service due to due to improper time-of-check to time-of-use functionality.  IBM X-Force ID:  256012.",
      },
   ],
   id: "CVE-2023-33832",
   lastModified: "2024-11-21T08:06:02.760",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "LOCAL",
               availabilityImpact: "HIGH",
               baseScore: 6.2,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
               version: "3.1",
            },
            exploitabilityScore: 2.5,
            impactScore: 3.6,
            source: "psirt@us.ibm.com",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "HIGH",
               attackVector: "LOCAL",
               availabilityImpact: "HIGH",
               baseScore: 4.7,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
               version: "3.1",
            },
            exploitabilityScore: 1,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2023-07-19T01:15:10.197",
   references: [
      {
         source: "psirt@us.ibm.com",
         tags: [
            "VDB Entry",
            "Vendor Advisory",
         ],
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/256012",
      },
      {
         source: "psirt@us.ibm.com",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://www.ibm.com/support/pages/node/7011761",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "VDB Entry",
            "Vendor Advisory",
         ],
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/256012",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://www.ibm.com/support/pages/node/7011761",
      },
   ],
   sourceIdentifier: "psirt@us.ibm.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-20",
            },
         ],
         source: "psirt@us.ibm.com",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-367",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2018-09-26 15:29
Modified
2024-11-21 04:00
Summary
IBM Tivoli Storage Manager (IBM Spectrum Protect 7.1 and 8.1) uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt sensitive information. IBM X-Force ID: 148870.



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:ibm:spectrum_protect_client:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "6D0F55E8-F303-494B-948D-D19E6B5C7BE0",
                     versionEndIncluding: "7.1.8.3",
                     versionStartIncluding: "7.1.0.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:ibm:spectrum_protect_client:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "EECD508A-E250-4AC3-BECD-F3F956A7E897",
                     versionEndIncluding: "8.1.4.1",
                     versionStartIncluding: "8.1.0.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:ibm:spectrum_protect_for_virtual_environments:*:*:*:*:*:hyper-v:*:*",
                     matchCriteriaId: "0E542501-5E67-4324-9417-A76F9F044FEF",
                     versionEndIncluding: "7.1.8.0",
                     versionStartIncluding: "7.1.0.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:ibm:spectrum_protect_for_virtual_environments:*:*:*:*:*:vmware:*:*",
                     matchCriteriaId: "88858B46-CC87-49B7-A037-DE9477A924F0",
                     versionEndIncluding: "7.1.8.2",
                     versionStartIncluding: "7.1.0.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:ibm:spectrum_protect_for_virtual_environments:*:*:*:*:*:hyper-v:*:*",
                     matchCriteriaId: "E4626711-BD4F-4B6F-9804-AAC4A23157B4",
                     versionEndIncluding: "8.1.4.0",
                     versionStartIncluding: "8.1.0.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:ibm:spectrum_protect_for_virtual_environments:*:*:*:*:*:vmware:*:*",
                     matchCriteriaId: "D2FD41DB-726D-4A5B-912C-6DE81A36E8B9",
                     versionEndIncluding: "8.1.4.1",
                     versionStartIncluding: "8.1.0.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:ibm:spectrum_protect_client:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "F746BC96-C46F-4BA3-B6FB-0EF0677AF3B6",
                     versionEndIncluding: "8.1.4.2",
                     versionStartIncluding: "8.1.0.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "387021A0-AF36-463C-A605-32EA7DAC172E",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "IBM Tivoli Storage Manager (IBM Spectrum Protect 7.1 and 8.1) uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt sensitive information. IBM X-Force ID: 148870.",
      },
      {
         lang: "es",
         value: "IBM Tivoli Storage Manager (IBM Spectrum Protect 7.1 y 8.1) emplea algoritmos criptográficos más débiles de lo esperado que podrían permitir que un atacante descifre información sensible. IBM X-Force ID: 148870.",
      },
   ],
   id: "CVE-2018-1785",
   lastModified: "2024-11-21T04:00:21.957",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 5,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "HIGH",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 3.7,
               baseSeverity: "LOW",
               confidentialityImpact: "LOW",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
               version: "3.0",
            },
            exploitabilityScore: 2.2,
            impactScore: 1.4,
            source: "psirt@us.ibm.com",
            type: "Secondary",
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 7.5,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2018-09-26T15:29:01.090",
   references: [
      {
         source: "psirt@us.ibm.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://www.ibm.com/support/docview.wss?uid=ibm10729873",
      },
      {
         source: "psirt@us.ibm.com",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securitytracker.com/id/1041716",
      },
      {
         source: "psirt@us.ibm.com",
         tags: [
            "VDB Entry",
            "Vendor Advisory",
         ],
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/148870",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://www.ibm.com/support/docview.wss?uid=ibm10729873",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securitytracker.com/id/1041716",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "VDB Entry",
            "Vendor Advisory",
         ],
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/148870",
      },
   ],
   sourceIdentifier: "psirt@us.ibm.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-326",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2022-06-30 17:15
Modified
2024-11-21 06:46
Summary
IBM Spectrum Protect 8.1.0.0 through 8.1.14.0 dsmcad, dsmc, and dsmcsvc processes incorrectly handle certain read operations on TCP/IP sockets. This can result in a denial of service for IBM Spectrum Protect client operations. IBM X-Force ID: 225348.
Impacted products
Vendor Product Version
ibm spectrum_protect_client *



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:ibm:spectrum_protect_client:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "21FDA430-328E-4EF0-B816-1ECD2CB5566B",
                     versionEndIncluding: "8.1.14.0",
                     versionStartIncluding: "8.1.0.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "IBM Spectrum Protect 8.1.0.0 through 8.1.14.0 dsmcad, dsmc, and dsmcsvc processes incorrectly handle certain read operations on TCP/IP sockets. This can result in a denial of service for IBM Spectrum Protect client operations. IBM X-Force ID: 225348.",
      },
      {
         lang: "es",
         value: "Los procesos dsmcad, dsmc y dsmcsvc de IBM Spectrum Protect versiones 8.1.0.0 hasta 8.1.14.0, manejan inapropiadamente determinadas operaciones de lectura en sockets TCP/IP. Esto puede resultar en una denegación de servicio para las operaciones de cliente de IBM Spectrum Protect. IBM X-Force ID: 225348",
      },
   ],
   id: "CVE-2022-22474",
   lastModified: "2024-11-21T06:46:51.597",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 5,
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "HIGH",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 5.9,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
               version: "3.0",
            },
            exploitabilityScore: 2.2,
            impactScore: 3.6,
            source: "psirt@us.ibm.com",
            type: "Secondary",
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 7.5,
               baseSeverity: "HIGH",
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2022-06-30T17:15:07.753",
   references: [
      {
         source: "psirt@us.ibm.com",
         tags: [
            "VDB Entry",
            "Vendor Advisory",
         ],
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/225348",
      },
      {
         source: "psirt@us.ibm.com",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://www.ibm.com/support/pages/node/6596741",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "VDB Entry",
            "Vendor Advisory",
         ],
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/225348",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://www.ibm.com/support/pages/node/6596741",
      },
   ],
   sourceIdentifier: "psirt@us.ibm.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-noinfo",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2020-06-15 14:15
Modified
2024-11-21 05:32
Summary
IBM Spectrum Protect Client 8.1.7.0 through 8.1.9.1 (Linux and Windows), 8.1.9.0 trough 8.1.9.1 (AIX) and IBM Spectrum Protect for Space Management 8.1.7.0 through 8.1.9.1 (Linux), 8.1.9.0 through 8.1.9.1 (AIX) web user interfaces could allow an attacker to bypass authentication due to improper session validation which can result in access to unauthorized resources. IBM X-Force ID: 182019.



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:ibm:spectrum_protect_client:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "14EF91C6-75B3-479A-8125-6B7244787FCB",
                     versionEndIncluding: "8.1.9.1",
                     versionStartIncluding: "8.1.7.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "A2572D17-1DE6-457B-99CC-64AFD54487EA",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:ibm:spectrum_protect_client:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "6D3CA52E-2C63-4156-9A85-A171628BC108",
                     versionEndIncluding: "8.1.9.1",
                     versionStartIncluding: "8.1.9.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "E492C463-D76E-49B7-A4D4-3B499E422D89",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:ibm:spectrum_protect_for_space_management:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "8623C0AC-522B-47EE-8154-FF30083623A6",
                     versionEndIncluding: "8.1.9.1",
                     versionStartIncluding: "8.1.7.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:ibm:spectrum_protect_for_space_management:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "78F6862B-F389-49A8-BF2B-16D2E9EF5416",
                     versionEndIncluding: "8.1.9.1",
                     versionStartIncluding: "8.1.9.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "E492C463-D76E-49B7-A4D4-3B499E422D89",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "IBM Spectrum Protect Client 8.1.7.0 through 8.1.9.1 (Linux and Windows), 8.1.9.0 trough 8.1.9.1 (AIX) and IBM Spectrum Protect for Space Management 8.1.7.0 through 8.1.9.1 (Linux), 8.1.9.0 through 8.1.9.1 (AIX) web user interfaces could allow an attacker to bypass authentication due to improper session validation which can result in access to unauthorized resources. IBM X-Force ID: 182019.",
      },
      {
         lang: "es",
         value: "IBM Spectrum Protect Client versiones 8.1.7.0 hasta 8.1.9.1 (Linux y Windows), versiones 8.1.9.0 hasta 8.1.9.1 (AIX) e IBM Spectrum Protect para Space Management versiones 8.1.7.0 hasta 8.1.9.1 (Linux), versiones 8.1.9.0 hasta 8.1.9.1 (AIX), las interfaces de usuario web podrían permitir a un atacante omitir la autenticación debido a una comprobación de sesión inapropiada que puede resultar en un acceso a recursos no autorizados. IBM X-Force ID: 182019",
      },
   ],
   id: "CVE-2020-4494",
   lastModified: "2024-11-21T05:32:48.627",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 5,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 7.5,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
               version: "3.0",
            },
            exploitabilityScore: 3.9,
            impactScore: 3.6,
            source: "psirt@us.ibm.com",
            type: "Secondary",
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 7.5,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2020-06-15T14:15:12.363",
   references: [
      {
         source: "psirt@us.ibm.com",
         tags: [
            "VDB Entry",
            "Vendor Advisory",
         ],
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/182019",
      },
      {
         source: "psirt@us.ibm.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.ibm.com/support/pages/node/6221448",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "VDB Entry",
            "Vendor Advisory",
         ],
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/182019",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.ibm.com/support/pages/node/6221448",
      },
   ],
   sourceIdentifier: "psirt@us.ibm.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-287",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2020-06-15 14:15
Modified
2024-11-21 05:32
Summary
IBM Spectrum Protect Client 8.1.7.0 through 8.1.9.1 (Linux and Windows), 8.1.9.0 trough 8.1.9.1 (AIX) and IBM Spectrum Protect for Space Management 8.1.7.0 through 8.1.9.1 (Linux), 8.1.9.0 through 8.1.9.1 (AIX) web user interfaces could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 179488.



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:ibm:spectrum_protect_client:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "14EF91C6-75B3-479A-8125-6B7244787FCB",
                     versionEndIncluding: "8.1.9.1",
                     versionStartIncluding: "8.1.7.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "A2572D17-1DE6-457B-99CC-64AFD54487EA",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:ibm:spectrum_protect_client:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "6D3CA52E-2C63-4156-9A85-A171628BC108",
                     versionEndIncluding: "8.1.9.1",
                     versionStartIncluding: "8.1.9.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "E492C463-D76E-49B7-A4D4-3B499E422D89",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:ibm:spectrum_protect_for_space_management:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "8623C0AC-522B-47EE-8154-FF30083623A6",
                     versionEndIncluding: "8.1.9.1",
                     versionStartIncluding: "8.1.7.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:ibm:spectrum_protect_for_space_management:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "78F6862B-F389-49A8-BF2B-16D2E9EF5416",
                     versionEndIncluding: "8.1.9.1",
                     versionStartIncluding: "8.1.9.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "E492C463-D76E-49B7-A4D4-3B499E422D89",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "IBM Spectrum Protect Client 8.1.7.0 through 8.1.9.1 (Linux and Windows), 8.1.9.0 trough 8.1.9.1 (AIX) and IBM Spectrum Protect for Space Management 8.1.7.0 through 8.1.9.1 (Linux), 8.1.9.0 through 8.1.9.1 (AIX) web user interfaces could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 179488.",
      },
      {
         lang: "es",
         value: "IBM Spectrum Protect Client versiones 8.1.7.0 hasta 8.1.9.1 (Linux y Windows), versiones 8.1.9.0 hasta 8.1.9.1 (AIX) e IBM Spectrum Protect para Space Management versiones 8.1.7.0 hasta 8.1.9.1 (Linux), versiones 8.1.9.0 hasta 8.1.9.1 (AIX), las interfaces de usuario web podrían permitir a un atacante remoto secuestrar la acción de clic de la víctima. Al persuadir a una víctima para que visite un sitio Web malicioso, un atacante remoto podría explotar esta vulnerabilidad para secuestrar las acciones de clic de la víctima y posiblemente iniciar nuevos ataques contra la víctima. IBM X-Force ID: 179488",
      },
   ],
   id: "CVE-2020-4406",
   lastModified: "2024-11-21T05:32:42.063",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "LOW",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "SINGLE",
               availabilityImpact: "NONE",
               baseScore: 3.5,
               confidentialityImpact: "NONE",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:S/C:N/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 6.8,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 5.4,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "LOW",
               privilegesRequired: "LOW",
               scope: "CHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
               version: "3.0",
            },
            exploitabilityScore: 2.3,
            impactScore: 2.7,
            source: "psirt@us.ibm.com",
            type: "Secondary",
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 5.4,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "LOW",
               privilegesRequired: "LOW",
               scope: "CHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.3,
            impactScore: 2.7,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2020-06-15T14:15:11.910",
   references: [
      {
         source: "psirt@us.ibm.com",
         tags: [
            "VDB Entry",
            "Vendor Advisory",
         ],
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/179488",
      },
      {
         source: "psirt@us.ibm.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.ibm.com/support/pages/node/6221448",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "VDB Entry",
            "Vendor Advisory",
         ],
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/179488",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.ibm.com/support/pages/node/6221448",
      },
   ],
   sourceIdentifier: "psirt@us.ibm.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-1021",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2021-04-26 17:15
Modified
2024-11-21 05:46
Summary
IBM Spectrum Protect Client 8.1.0.0 through 8.1.11.0 is vulnerable to a stack-based buffer overflow, caused by improper bounds checking. A local attacker could overflow a buffer and cause the application to crash. IBM X-Force ID: 198934
Impacted products



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:ibm:spectrum_protect_client:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "CC8077DA-B6EF-49D6-BB96-7902E1E2DAEB",
                     versionEndIncluding: "8.1.11.0",
                     versionStartIncluding: "8.1.0.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:ibm:spectrum_protect_for_space_management:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "947CD7E1-82FC-4883-BECD-BC764C3720C2",
                     versionEndIncluding: "8.1.11.0",
                     versionStartIncluding: "8.1.0.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "IBM Spectrum Protect Client 8.1.0.0 through 8.1.11.0 is vulnerable to a stack-based buffer overflow, caused by improper bounds checking. A local attacker could overflow a buffer and cause the application to crash. IBM X-Force ID: 198934",
      },
      {
         lang: "es",
         value: "IBM Spectrum Protect Client versiones 8.1.0.0 hasta 8.1.11.0, es vulnerable a un desbordamiento de búfer en la región stack de la memoria, causado por una comprobación de límites inapropiada. Un atacante local podría desbordar un búfer y causar que la aplicación se bloquee. IBM X-Force ID: 198934",
      },
   ],
   id: "CVE-2021-20546",
   lastModified: "2024-11-21T05:46:45.347",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "LOW",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "LOCAL",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 2.1,
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               vectorString: "AV:L/AC:L/Au:N/C:N/I:N/A:P",
               version: "2.0",
            },
            exploitabilityScore: 3.9,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "LOCAL",
               availabilityImpact: "HIGH",
               baseScore: 6.2,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
               version: "3.0",
            },
            exploitabilityScore: 2.5,
            impactScore: 3.6,
            source: "psirt@us.ibm.com",
            type: "Secondary",
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "LOCAL",
               availabilityImpact: "HIGH",
               baseScore: 5.5,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
               version: "3.1",
            },
            exploitabilityScore: 1.8,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2021-04-26T17:15:08.043",
   references: [
      {
         source: "psirt@us.ibm.com",
         tags: [
            "VDB Entry",
            "Vendor Advisory",
         ],
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/198934",
      },
      {
         source: "psirt@us.ibm.com",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://www.ibm.com/support/pages/node/6445497",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "VDB Entry",
            "Vendor Advisory",
         ],
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/198934",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://www.ibm.com/support/pages/node/6445497",
      },
   ],
   sourceIdentifier: "psirt@us.ibm.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-787",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}