Search criteria
39 vulnerabilities found for spectrum_protect_operations_center by ibm
FKIE_CVE-2022-22494
Vulnerability from fkie_nvd - Published: 2022-06-30 17:15 - Updated: 2024-11-21 06:46
Severity ?
Summary
IBM Spectrum Protect Operations Center 8.1.0.000 through 8.1.14 could allow a remote attacker to gain details of the database, such as type and version, by sending a specially-crafted HTTP request. This information could then be used in future attacks. IBM X-Force ID: 226940.
References
| URL | Tags | ||
|---|---|---|---|
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/226940 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/6596883 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/226940 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/6596883 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | spectrum_protect_operations_center | * | |
| ibm | aix | - | |
| linux | linux_kernel | - | |
| microsoft | windows | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:spectrum_protect_operations_center:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C0B4D03E-C69B-4ECA-820C-27659A132230",
"versionEndIncluding": "8.1.14.000",
"versionStartIncluding": "8.1.0.000",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E492C463-D76E-49B7-A4D4-3B499E422D89",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Spectrum Protect Operations Center 8.1.0.000 through 8.1.14 could allow a remote attacker to gain details of the database, such as type and version, by sending a specially-crafted HTTP request. This information could then be used in future attacks. IBM X-Force ID: 226940."
},
{
"lang": "es",
"value": "IBM Spectrum Protect Operations Center 8.1.0.000 hasta 8.1.14, podr\u00eda permitir a un atacante remoto conseguir detalles de la base de datos, como el tipo y la versi\u00f3n, mediante el env\u00edo de una petici\u00f3n HTTP especialmente dise\u00f1ada. Esta informaci\u00f3n podr\u00eda usarse en futuros ataques. IBM X-Force ID: 226940"
}
],
"id": "CVE-2022-22494",
"lastModified": "2024-11-21T06:46:53.923",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.2,
"impactScore": 1.4,
"source": "psirt@us.ibm.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-06-30T17:15:07.883",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/226940"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/6596883"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/226940"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/6596883"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2022-22485
Vulnerability from fkie_nvd - Published: 2022-06-17 16:15 - Updated: 2024-11-21 06:46
Severity ?
Summary
In some cases, an unsuccessful attempt to log into IBM Spectrum Protect Operations Center 8.1.0.000 through 8.1.14.000 does not cause the administrator's invalid sign-on count to be incremented on the IBM Spectrum Protect Server. An attacker could exploit this vulnerability using brute force techniques to gain unauthorized administrative access to the IBM Spectrum Protect Server. IBM X-Force ID: 226325.
References
| URL | Tags | ||
|---|---|---|---|
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/226325 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/6595655 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/226325 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/6595655 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | spectrum_protect_operations_center | * | |
| ibm | aix | - | |
| linux | linux_kernel | - | |
| microsoft | windows | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:spectrum_protect_operations_center:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C0B4D03E-C69B-4ECA-820C-27659A132230",
"versionEndIncluding": "8.1.14.000",
"versionStartIncluding": "8.1.0.000",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E492C463-D76E-49B7-A4D4-3B499E422D89",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In some cases, an unsuccessful attempt to log into IBM Spectrum Protect Operations Center 8.1.0.000 through 8.1.14.000 does not cause the administrator\u0027s invalid sign-on count to be incremented on the IBM Spectrum Protect Server. An attacker could exploit this vulnerability using brute force techniques to gain unauthorized administrative access to the IBM Spectrum Protect Server. IBM X-Force ID: 226325."
},
{
"lang": "es",
"value": "En algunos casos, un intento fallido de iniciar sesi\u00f3n en IBM Spectrum Protect Operations Center versiones 8.1.0.000 hasta 8.1.14.000, no causa que el recuento de inicios de sesi\u00f3n no v\u00e1lidos del administrador sea incrementado en el servidor de IBM Spectrum Protect. Un atacante podr\u00eda aprovechar esta vulnerabilidad usando t\u00e9cnicas de fuerza bruta para conseguir acceso administrativo no autorizado al servidor IBM Spectrum Protect. IBM X-Force ID: 226325"
}
],
"id": "CVE-2022-22485",
"lastModified": "2024-11-21T06:46:53.010",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6,
"source": "psirt@us.ibm.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-06-17T16:15:08.563",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/226325"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/6595655"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/226325"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/6595655"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-307"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2022-22348
Vulnerability from fkie_nvd - Published: 2022-03-14 17:15 - Updated: 2024-11-21 06:46
Severity ?
Summary
IBM Spectrum Protect Operations Center 8.1.0.000 through 8.1.13.xxx is vulnerable to reverse tabnabbing where it could allow a page linked to from within Operations Center to rewrite it. An administrator could enter a link to a malicious URL that another administrator could then click. Once clicked, that malicious URL could then rewrite the original page with a phishing page. IBM X-Force ID: 220139.
References
| URL | Tags | ||
|---|---|---|---|
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/220139 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/6562855 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/220139 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/6562855 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | spectrum_protect_operations_center | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:spectrum_protect_operations_center:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AEC9C0C4-203B-4240-9DC2-D231C8B2F884",
"versionEndExcluding": "8.1.14.000",
"versionStartIncluding": "8.1.0.000",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Spectrum Protect Operations Center 8.1.0.000 through 8.1.13.xxx is vulnerable to reverse tabnabbing where it could allow a page linked to from within Operations Center to rewrite it. An administrator could enter a link to a malicious URL that another administrator could then click. Once clicked, that malicious URL could then rewrite the original page with a phishing page. IBM X-Force ID: 220139."
},
{
"lang": "es",
"value": "IBM Spectrum Protect Operations Center versiones 8.1.0.000 hasta 8.1.13.xxx, es vulnerable un tabnabbing inverso, que podr\u00eda permitir reescribir una p\u00e1gina enlazada desde Operations Center. Un administrador podr\u00eda introducir un enlace a una URL maliciosa en la que otro administrador podr\u00eda hacer clic. Una vez hecho el clic, esa URL maliciosa podr\u00eda reescribir la p\u00e1gina original con una p\u00e1gina de phishing. IBM X-Force ID: 220139"
}
],
"id": "CVE-2022-22348",
"lastModified": "2024-11-21T06:46:40.690",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 1.4,
"impactScore": 2.5,
"source": "psirt@us.ibm.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 2.4,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 0.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-03-14T17:15:07.950",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/220139"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/6562855"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/220139"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/6562855"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-352"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2022-22346
Vulnerability from fkie_nvd - Published: 2022-03-14 17:15 - Updated: 2024-11-21 06:46
Severity ?
Summary
IBM Spectrum Protect Operations Center 8.1.0.000 through 8.1.13.xxx is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 220048.
References
| URL | Tags | ||
|---|---|---|---|
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/220048 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/6562855 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/220048 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/6562855 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | spectrum_protect_operations_center | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:spectrum_protect_operations_center:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AEC9C0C4-203B-4240-9DC2-D231C8B2F884",
"versionEndExcluding": "8.1.14.000",
"versionStartIncluding": "8.1.0.000",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Spectrum Protect Operations Center 8.1.0.000 through 8.1.13.xxx is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 220048."
},
{
"lang": "es",
"value": "IBM Spectrum Protect Operations Center versiones 8.1.0.000 hasta 8.1.13.xxx, es vulnerable a una vulnerabilidad de tipo cross-site request forgery, lo que podr\u00eda permitir a un atacante ejecutar acciones maliciosas y no autorizadas transmitidas desde un usuario del que el sitio web conf\u00eda. IBM X-Force ID: 220048"
}
],
"id": "CVE-2022-22346",
"lastModified": "2024-11-21T06:46:40.580",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "psirt@us.ibm.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-03-14T17:15:07.910",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/220048"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/6562855"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/220048"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/6562855"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-352"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2021-38901
Vulnerability from fkie_nvd - Published: 2021-12-13 19:15 - Updated: 2024-11-21 06:18
Severity ?
Summary
IBM Spectrum Protect Operations Center 7.1, under special configurations, could allow a local user to obtain highly sensitive information. IBM X-Force ID: 209610.
References
| URL | Tags | ||
|---|---|---|---|
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/209610 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/6524924 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/209610 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/6524924 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | spectrum_protect_operations_center | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:spectrum_protect_operations_center:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E0DA1F77-2ADA-4472-9914-419654603B2A",
"versionEndExcluding": "7.1.14",
"versionStartIncluding": "7.1.0.000",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Spectrum Protect Operations Center 7.1, under special configurations, could allow a local user to obtain highly sensitive information. IBM X-Force ID: 209610."
},
{
"lang": "es",
"value": "IBM Spectrum Protect Operations Center versi\u00f3n 7.1, bajo configuraciones especiales, podr\u00eda permitir a un usuario local obtener informaci\u00f3n altamente confidencial. IBM X-Force ID: 209610"
}
],
"id": "CVE-2021-38901",
"lastModified": "2024-11-21T06:18:10.773",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 1.4,
"impactScore": 3.6,
"source": "psirt@us.ibm.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-12-13T19:15:07.893",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/209610"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/6524924"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/209610"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/6524924"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2020-4954
Vulnerability from fkie_nvd - Published: 2021-02-15 15:15 - Updated: 2024-11-21 05:33
Severity ?
Summary
IBM Spectrum Protect Operations Center 7.1 and 8.1 could allow a remote attacker to bypass authentication restrictions, caused by improper session validation . By using the configuration panel to obtain a valid session using an attacker controlled IBM Spectrum Protect server, an attacker could exploit this vulnerability to bypass authentication and gain access to a limited number of debug functions, such as logging levels. IBM X-Force ID: 192153.
References
| URL | Tags | ||
|---|---|---|---|
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/192153 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/6404966 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/192153 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/6404966 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | spectrum_protect_operations_center | * | |
| ibm | spectrum_protect_operations_center | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:spectrum_protect_operations_center:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BDA5A26F-E555-4401-8A74-C693D96BE215",
"versionEndExcluding": "7.1.13.000",
"versionStartIncluding": "7.1.0.000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:spectrum_protect_operations_center:*:*:*:*:*:*:*:*",
"matchCriteriaId": "74404BEF-3CD4-4731-A9E2-4A4A913B82ED",
"versionEndExcluding": "8.1.10.200",
"versionStartIncluding": "8.1.0.000",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Spectrum Protect Operations Center 7.1 and 8.1 could allow a remote attacker to bypass authentication restrictions, caused by improper session validation . By using the configuration panel to obtain a valid session using an attacker controlled IBM Spectrum Protect server, an attacker could exploit this vulnerability to bypass authentication and gain access to a limited number of debug functions, such as logging levels. IBM X-Force ID: 192153."
},
{
"lang": "es",
"value": "IBM Spectrum Protect Operations Center versiones 7.1 y 8.1, podr\u00edan permitir a un atacante remoto omitir unas restricciones de autenticaci\u00f3n, causadas por una comprobaci\u00f3n inapropiada de la sesi\u00f3n.\u0026#xa0;Al usar el panel de configuraci\u00f3n para obtener una sesi\u00f3n v\u00e1lida usando un servidor IBM Spectrum Protect controlado por un atacante, un atacante podr\u00eda explotar esta vulnerabilidad para omitir la autenticaci\u00f3n y conseguir acceso a un n\u00famero limitado de funciones de depuraci\u00f3n, como los niveles de registro.\u0026#xa0;IBM X-Force ID: 192153"
}
],
"id": "CVE-2020-4954",
"lastModified": "2024-11-21T05:33:28.353",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.5,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 1.6,
"impactScore": 2.5,
"source": "psirt@us.ibm.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-02-15T15:15:13.493",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/192153"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/6404966"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/192153"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/6404966"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-384"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2020-4955
Vulnerability from fkie_nvd - Published: 2021-02-15 15:15 - Updated: 2024-11-21 05:33
Severity ?
Summary
IBM Spectrum Protect Operations Center 7.1 and 8.1could allow a remote attacker to execute arbitrary code on the system, caused by improper parameter validation. By creating an unspecified servlet request with specially crafted input parameters, an attacker could exploit this vulnerability to load a malicious .dll with elevated privileges. IBM X-Force ID: 192155.
References
| URL | Tags | ||
|---|---|---|---|
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/192155 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/6404966 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/192155 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/6404966 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | spectrum_protect_operations_center | * | |
| ibm | spectrum_protect_operations_center | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:spectrum_protect_operations_center:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BDA5A26F-E555-4401-8A74-C693D96BE215",
"versionEndExcluding": "7.1.13.000",
"versionStartIncluding": "7.1.0.000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:spectrum_protect_operations_center:*:*:*:*:*:*:*:*",
"matchCriteriaId": "74404BEF-3CD4-4731-A9E2-4A4A913B82ED",
"versionEndExcluding": "8.1.10.200",
"versionStartIncluding": "8.1.0.000",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Spectrum Protect Operations Center 7.1 and 8.1could allow a remote attacker to execute arbitrary code on the system, caused by improper parameter validation. By creating an unspecified servlet request with specially crafted input parameters, an attacker could exploit this vulnerability to load a malicious .dll with elevated privileges. IBM X-Force ID: 192155."
},
{
"lang": "es",
"value": "IBM Spectrum Protect Operations Center versiones 7.1 y 8.1, podr\u00eda permitir a un atacante remoto ejecutar c\u00f3digo arbitrario en el sistema, causado por una comprobaci\u00f3n inapropiada de par\u00e1metros.\u0026#xa0;Al crear una petici\u00f3n de servlet no especificada con par\u00e1metros de entrada especialmente dise\u00f1ados, un atacante podr\u00eda explotar esta vulnerabilidad para cargar un archivo .dll malicioso con privilegios elevados.\u0026#xa0;IBM X-Force ID: 192155"
}
],
"id": "CVE-2020-4955",
"lastModified": "2024-11-21T05:33:28.457",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.2,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 5.1,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.3,
"impactScore": 6.0,
"source": "psirt@us.ibm.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.1,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-02-15T15:15:13.667",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/192155"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/6404966"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/192155"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/6404966"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-434"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2020-4956
Vulnerability from fkie_nvd - Published: 2021-02-15 15:15 - Updated: 2024-11-21 05:33
Severity ?
Summary
IBM Spectrum Protect Operations Center 7.1 and 8.1 is vulnerable to a denial of service, caused by a RPC that allows certain cache values to be set and dumped to a file. By setting a grossly large cache value and dumping that cached value to a file multiple times, a remote attacker could exploit this vulnerability to cause the consumption of all memory resources. IBM X-Force ID: 192156.
References
| URL | Tags | ||
|---|---|---|---|
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/192156 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/6404966 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/192156 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/6404966 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | spectrum_protect_operations_center | * | |
| ibm | spectrum_protect_operations_center | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:spectrum_protect_operations_center:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BDA5A26F-E555-4401-8A74-C693D96BE215",
"versionEndExcluding": "7.1.13.000",
"versionStartIncluding": "7.1.0.000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:spectrum_protect_operations_center:*:*:*:*:*:*:*:*",
"matchCriteriaId": "74404BEF-3CD4-4731-A9E2-4A4A913B82ED",
"versionEndExcluding": "8.1.10.200",
"versionStartIncluding": "8.1.0.000",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Spectrum Protect Operations Center 7.1 and 8.1 is vulnerable to a denial of service, caused by a RPC that allows certain cache values to be set and dumped to a file. By setting a grossly large cache value and dumping that cached value to a file multiple times, a remote attacker could exploit this vulnerability to cause the consumption of all memory resources. IBM X-Force ID: 192156."
},
{
"lang": "es",
"value": "IBM Spectrum Protect Operations Center versiones 7.1 y 8.1, es vulnerable a una denegaci\u00f3n de servicio, causada por un RPC que permite a determinados valores de cach\u00e9 ser ajustada y ser volcada a un archivo.\u0026#xa0;Al ajustar un valor de cach\u00e9 enormemente grande y volcar ese valor en cach\u00e9 en un archivo m\u00faltiples veces, un atacante remoto podr\u00eda explotar esta vulnerabilidad para causar el consumo de todos los recursos de memoria.\u0026#xa0;IBM X-Force ID: 192156"
}
],
"id": "CVE-2020-4956",
"lastModified": "2024-11-21T05:33:28.570",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "ADJACENT_NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 2.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:A/AC:M/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 4.4,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6,
"source": "psirt@us.ibm.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-02-15T15:15:13.760",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/192156"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/6404966"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/192156"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/6404966"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-400"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2020-4771
Vulnerability from fkie_nvd - Published: 2020-11-23 17:15 - Updated: 2024-11-21 05:33
Severity ?
Summary
IBM Spectrum Protect Operations Center 8.1.0.000 through 8.1.10.and 7.1.0.000 through 7.1.11 could allow a remote attacker to obtain sensitive information, caused by improper authentication of a websocket endpoint. By using known tools to subscribe to the websocket event stream, an attacker could exploit this vulnerability to obtain sensitive information. IBM X-Force ID: 188993.
References
| URL | Tags | ||
|---|---|---|---|
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/188993 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/6369101 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/188993 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/6369101 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | spectrum_protect_operations_center | * | |
| ibm | spectrum_protect_operations_center | * | |
| ibm | aix | - | |
| linux | linux_kernel | - | |
| microsoft | windows | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:spectrum_protect_operations_center:*:*:*:*:*:*:*:*",
"matchCriteriaId": "76B10132-5BE6-47E5-8290-D9A514D3F34C",
"versionEndIncluding": "7.1.11",
"versionStartIncluding": "7.1.0.000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:spectrum_protect_operations_center:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8819DE48-E5EC-4D96-948B-BC382B6344B1",
"versionEndIncluding": "8.1.10",
"versionStartIncluding": "8.1.0.000",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E492C463-D76E-49B7-A4D4-3B499E422D89",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Spectrum Protect Operations Center 8.1.0.000 through 8.1.10.and 7.1.0.000 through 7.1.11 could allow a remote attacker to obtain sensitive information, caused by improper authentication of a websocket endpoint. By using known tools to subscribe to the websocket event stream, an attacker could exploit this vulnerability to obtain sensitive information. IBM X-Force ID: 188993."
},
{
"lang": "es",
"value": "IBM Spectrum Protect Operations Center versiones 8.1.0.000 hasta 8.1.10. Y versiones 7.1.0.000 hasta 7.1.11, podr\u00eda permitir a un atacante remoto obtener informaci\u00f3n confidencial, causada por una autenticaci\u00f3n incorrecta de un endpoint de websocket.\u0026#xa0;Mediante el uso de herramientas conocidas para suscribirse al flujo de eventos de websocket, un atacante podr\u00eda explotar esta vulnerabilidad para obtener informaci\u00f3n confidencial.\u0026#xa0;IBM X-Force ID: 188993"
}
],
"id": "CVE-2020-4771",
"lastModified": "2024-11-21T05:33:13.663",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "psirt@us.ibm.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-11-23T17:15:12.500",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/188993"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/6369101"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/188993"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/6369101"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2020-4693
Vulnerability from fkie_nvd - Published: 2020-09-02 19:15 - Updated: 2024-11-21 05:33
Severity ?
Summary
IBM Spectrum Protect Operations Center 7.1.0.000 through 7.1.10 and 8.1.0.000 through 8.1.9 may allow an attacker to execute arbitrary code on the system, caused by improper validation of data prior to export. IBM X-Force ID: 186782.
References
| URL | Tags | ||
|---|---|---|---|
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/186782 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/6325341 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/186782 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/6325341 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | spectrum_protect_operations_center | * | |
| ibm | spectrum_protect_operations_center | * | |
| ibm | aix | - | |
| linux | linux_kernel | - | |
| microsoft | windows | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:spectrum_protect_operations_center:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5467AB4E-E033-4B58-AAD9-0C7A2253ED49",
"versionEndIncluding": "7.1.10.000",
"versionStartIncluding": "7.1.0.000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:spectrum_protect_operations_center:*:*:*:*:*:*:*:*",
"matchCriteriaId": "45FC217B-027E-4586-BA2D-DF5E706A4218",
"versionEndIncluding": "8.1.9.000",
"versionStartIncluding": "8.1.0.000",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E492C463-D76E-49B7-A4D4-3B499E422D89",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Spectrum Protect Operations Center 7.1.0.000 through 7.1.10 and 8.1.0.000 through 8.1.9 may allow an attacker to execute arbitrary code on the system, caused by improper validation of data prior to export. IBM X-Force ID: 186782."
},
{
"lang": "es",
"value": "IBM Spectrum Protect Operations Center versiones 7.1.0.000 hasta 7.1.10 y versiones 8.1.0.000 hasta 8.1.9, puede permitir a un atacante ejecutar c\u00f3digo arbitrario en el sistema, causado por una comprobaci\u00f3n inapropiada de los datos antes de la exportaci\u00f3n. IBM X-Force ID: 186782"
}
],
"id": "CVE-2020-4693",
"lastModified": "2024-11-21T05:33:08.157",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2,
"source": "psirt@us.ibm.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-09-02T19:15:18.487",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/186782"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/6325341"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/186782"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/6325341"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2022-22494 (GCVE-0-2022-22494)
Vulnerability from cvelistv5 – Published: 2022-06-30 16:50 – Updated: 2024-09-16 23:11
VLAI?
Summary
IBM Spectrum Protect Operations Center 8.1.0.000 through 8.1.14 could allow a remote attacker to gain details of the database, such as type and version, by sending a specially-crafted HTTP request. This information could then be used in future attacks. IBM X-Force ID: 226940.
Severity ?
CWE
- Obtain Information
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Spectrum Protect Operations Center |
Affected:
8.1.0.000
Affected: 8.1.14 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:14:55.353Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/6596883"
},
{
"name": "ibm-spectrum-cve202222494-info-disc (226940)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/226940"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Spectrum Protect Operations Center",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "8.1.0.000"
},
{
"status": "affected",
"version": "8.1.14"
}
]
}
],
"datePublic": "2022-06-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Spectrum Protect Operations Center 8.1.0.000 through 8.1.14 could allow a remote attacker to gain details of the database, such as type and version, by sending a specially-crafted HTTP request. This information could then be used in future attacks. IBM X-Force ID: 226940."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 3.2,
"temporalSeverity": "LOW",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/PR:N/AV:N/S:U/AC:H/C:L/A:N/UI:N/I:N/E:U/RC:C/RL:O",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Obtain Information",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-30T16:50:34",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/pages/node/6596883"
},
{
"name": "ibm-spectrum-cve202222494-info-disc (226940)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/226940"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2022-06-29T00:00:00",
"ID": "CVE-2022-22494",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Spectrum Protect Operations Center",
"version": {
"version_data": [
{
"version_value": "8.1.0.000"
},
{
"version_value": "8.1.14"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Spectrum Protect Operations Center 8.1.0.000 through 8.1.14 could allow a remote attacker to gain details of the database, such as type and version, by sending a specially-crafted HTTP request. This information could then be used in future attacks. IBM X-Force ID: 226940."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "H",
"AV": "N",
"C": "L",
"I": "N",
"PR": "N",
"S": "U",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/6596883",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 6596883 (Spectrum Protect Operations Center)",
"url": "https://www.ibm.com/support/pages/node/6596883"
},
{
"name": "ibm-spectrum-cve202222494-info-disc (226940)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/226940"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2022-22494",
"datePublished": "2022-06-30T16:50:34.927957Z",
"dateReserved": "2022-01-03T00:00:00",
"dateUpdated": "2024-09-16T23:11:21.509Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-22485 (GCVE-0-2022-22485)
Vulnerability from cvelistv5 – Published: 2022-06-17 15:20 – Updated: 2024-09-17 00:10
VLAI?
Summary
In some cases, an unsuccessful attempt to log into IBM Spectrum Protect Operations Center 8.1.0.000 through 8.1.14.000 does not cause the administrator's invalid sign-on count to be incremented on the IBM Spectrum Protect Server. An attacker could exploit this vulnerability using brute force techniques to gain unauthorized administrative access to the IBM Spectrum Protect Server. IBM X-Force ID: 226325.
Severity ?
CWE
- Obtain Information
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Spectrum Protect Server |
Affected:
8.1.0.000
Affected: 8.1.14.000 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:14:55.375Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/6595655"
},
{
"name": "ibm-spectrum-cve202222485-info-disc (226325)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/226325"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Spectrum Protect Server",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "8.1.0.000"
},
{
"status": "affected",
"version": "8.1.14.000"
}
]
}
],
"datePublic": "2022-06-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "In some cases, an unsuccessful attempt to log into IBM Spectrum Protect Operations Center 8.1.0.000 through 8.1.14.000 does not cause the administrator\u0027s invalid sign-on count to be incremented on the IBM Spectrum Protect Server. An attacker could exploit this vulnerability using brute force techniques to gain unauthorized administrative access to the IBM Spectrum Protect Server. IBM X-Force ID: 226325."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 5.2,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AC:H/S:U/UI:N/AV:N/A:N/I:N/C:H/PR:N/RC:C/RL:O/E:U",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Obtain Information",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-17T15:20:14",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/pages/node/6595655"
},
{
"name": "ibm-spectrum-cve202222485-info-disc (226325)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/226325"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2022-06-16T00:00:00",
"ID": "CVE-2022-22485",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Spectrum Protect Server",
"version": {
"version_data": [
{
"version_value": "8.1.0.000"
},
{
"version_value": "8.1.14.000"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In some cases, an unsuccessful attempt to log into IBM Spectrum Protect Operations Center 8.1.0.000 through 8.1.14.000 does not cause the administrator\u0027s invalid sign-on count to be incremented on the IBM Spectrum Protect Server. An attacker could exploit this vulnerability using brute force techniques to gain unauthorized administrative access to the IBM Spectrum Protect Server. IBM X-Force ID: 226325."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "H",
"AV": "N",
"C": "H",
"I": "N",
"PR": "N",
"S": "U",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/6595655",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 6595655 (Spectrum Protect Server)",
"url": "https://www.ibm.com/support/pages/node/6595655"
},
{
"name": "ibm-spectrum-cve202222485-info-disc (226325)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/226325"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2022-22485",
"datePublished": "2022-06-17T15:20:14.355385Z",
"dateReserved": "2022-01-03T00:00:00",
"dateUpdated": "2024-09-17T00:10:27.350Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-22348 (GCVE-0-2022-22348)
Vulnerability from cvelistv5 – Published: 2022-03-14 17:00 – Updated: 2024-09-16 19:31
VLAI?
Summary
IBM Spectrum Protect Operations Center 8.1.0.000 through 8.1.13.xxx is vulnerable to reverse tabnabbing where it could allow a page linked to from within Operations Center to rewrite it. An administrator could enter a link to a malicious URL that another administrator could then click. Once clicked, that malicious URL could then rewrite the original page with a phishing page. IBM X-Force ID: 220139.
Severity ?
CWE
- Obtain Information
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Spectrum Protect Operations Center |
Affected:
8.1.0.000
Affected: 8.1.13 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:14:54.509Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/6562855"
},
{
"name": "ibm-spectrum-cve202222348-info-disc (220139)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/220139"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Spectrum Protect Operations Center",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "8.1.0.000"
},
{
"status": "affected",
"version": "8.1.13"
}
]
}
],
"datePublic": "2022-03-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Spectrum Protect Operations Center 8.1.0.000 through 8.1.13.xxx is vulnerable to reverse tabnabbing where it could allow a page linked to from within Operations Center to rewrite it. An administrator could enter a link to a malicious URL that another administrator could then click. Once clicked, that malicious URL could then rewrite the original page with a phishing page. IBM X-Force ID: 220139."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 3.5,
"temporalSeverity": "LOW",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/C:L/A:N/AV:L/I:L/S:U/UI:N/PR:N/AC:H/RL:O/E:U/RC:C",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Obtain Information",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-14T17:00:24",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/pages/node/6562855"
},
{
"name": "ibm-spectrum-cve202222348-info-disc (220139)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/220139"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2022-03-11T00:00:00",
"ID": "CVE-2022-22348",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Spectrum Protect Operations Center",
"version": {
"version_data": [
{
"version_value": "8.1.0.000"
},
{
"version_value": "8.1.13"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Spectrum Protect Operations Center 8.1.0.000 through 8.1.13.xxx is vulnerable to reverse tabnabbing where it could allow a page linked to from within Operations Center to rewrite it. An administrator could enter a link to a malicious URL that another administrator could then click. Once clicked, that malicious URL could then rewrite the original page with a phishing page. IBM X-Force ID: 220139."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "H",
"AV": "L",
"C": "L",
"I": "L",
"PR": "N",
"S": "U",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/6562855",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 6562855 (Spectrum Protect Operations Center)",
"url": "https://www.ibm.com/support/pages/node/6562855"
},
{
"name": "ibm-spectrum-cve202222348-info-disc (220139)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/220139"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2022-22348",
"datePublished": "2022-03-14T17:00:24.258848Z",
"dateReserved": "2022-01-03T00:00:00",
"dateUpdated": "2024-09-16T19:31:22.889Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-22346 (GCVE-0-2022-22346)
Vulnerability from cvelistv5 – Published: 2022-03-14 17:00 – Updated: 2024-09-16 20:38
VLAI?
Summary
IBM Spectrum Protect Operations Center 8.1.0.000 through 8.1.13.xxx is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 220048.
Severity ?
CWE
- Gain Access
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Spectrum Protect Operations Center |
Affected:
8.1.0.000
Affected: 8.1.13 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:14:54.690Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/6562855"
},
{
"name": "ibm-spectrum-cve202222346-csrf (220048)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/220048"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Spectrum Protect Operations Center",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "8.1.0.000"
},
{
"status": "affected",
"version": "8.1.13"
}
]
}
],
"datePublic": "2022-03-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Spectrum Protect Operations Center 8.1.0.000 through 8.1.13.xxx is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 220048."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 3.8,
"temporalSeverity": "LOW",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/S:U/I:L/UI:R/AC:L/PR:N/C:N/AV:N/A:N/RL:O/E:U/RC:C",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Gain Access",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-14T17:00:22",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/pages/node/6562855"
},
{
"name": "ibm-spectrum-cve202222346-csrf (220048)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/220048"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2022-03-11T00:00:00",
"ID": "CVE-2022-22346",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Spectrum Protect Operations Center",
"version": {
"version_data": [
{
"version_value": "8.1.0.000"
},
{
"version_value": "8.1.13"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Spectrum Protect Operations Center 8.1.0.000 through 8.1.13.xxx is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 220048."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "L",
"AV": "N",
"C": "N",
"I": "L",
"PR": "N",
"S": "U",
"UI": "R"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Gain Access"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/6562855",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 6562855 (Spectrum Protect Operations Center)",
"url": "https://www.ibm.com/support/pages/node/6562855"
},
{
"name": "ibm-spectrum-cve202222346-csrf (220048)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/220048"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2022-22346",
"datePublished": "2022-03-14T17:00:22.782052Z",
"dateReserved": "2022-01-03T00:00:00",
"dateUpdated": "2024-09-16T20:38:06.821Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-38901 (GCVE-0-2021-38901)
Vulnerability from cvelistv5 – Published: 2021-12-13 18:35 – Updated: 2024-09-17 00:40
VLAI?
Summary
IBM Spectrum Protect Operations Center 7.1, under special configurations, could allow a local user to obtain highly sensitive information. IBM X-Force ID: 209610.
Severity ?
CWE
- Obtain Information
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Spectrum Protect Operations Center |
Affected:
7.1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T01:51:20.739Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/6524924"
},
{
"name": "ibm-spectrum-cve202138901-info-disc (209610)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/209610"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Spectrum Protect Operations Center",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.1"
}
]
}
],
"datePublic": "2021-12-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Spectrum Protect Operations Center 7.1, under special configurations, could allow a local user to obtain highly sensitive information. IBM X-Force ID: 209610."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 4.5,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AC:H/A:N/PR:N/S:U/C:H/I:N/AV:L/UI:N/RC:C/RL:O/E:U",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Obtain Information",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-12-13T18:35:30",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/pages/node/6524924"
},
{
"name": "ibm-spectrum-cve202138901-info-disc (209610)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/209610"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2021-12-10T00:00:00",
"ID": "CVE-2021-38901",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Spectrum Protect Operations Center",
"version": {
"version_data": [
{
"version_value": "7.1"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Spectrum Protect Operations Center 7.1, under special configurations, could allow a local user to obtain highly sensitive information. IBM X-Force ID: 209610."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "H",
"AV": "L",
"C": "H",
"I": "N",
"PR": "N",
"S": "U",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/6524924",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 6524924 (Spectrum Protect Operations Center)",
"url": "https://www.ibm.com/support/pages/node/6524924"
},
{
"name": "ibm-spectrum-cve202138901-info-disc (209610)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/209610"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2021-38901",
"datePublished": "2021-12-13T18:35:30.543202Z",
"dateReserved": "2021-08-16T00:00:00",
"dateUpdated": "2024-09-17T00:40:53.077Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-4956 (GCVE-0-2020-4956)
Vulnerability from cvelistv5 – Published: 2021-02-15 15:05 – Updated: 2024-09-17 00:25
VLAI?
Summary
IBM Spectrum Protect Operations Center 7.1 and 8.1 is vulnerable to a denial of service, caused by a RPC that allows certain cache values to be set and dumped to a file. By setting a grossly large cache value and dumping that cached value to a file multiple times, a remote attacker could exploit this vulnerability to cause the consumption of all memory resources. IBM X-Force ID: 192156.
Severity ?
CWE
- Denial of Service
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Spectrum Protect Operations Center |
Affected:
8.1
Affected: 7.1 Affected: 8.1.10.100 Affected: 7.1.12 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:14:59.369Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/6404966"
},
{
"name": "ibm-spectrum-cve20204956-dos (192156)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/192156"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Spectrum Protect Operations Center",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "8.1"
},
{
"status": "affected",
"version": "7.1"
},
{
"status": "affected",
"version": "8.1.10.100"
},
{
"status": "affected",
"version": "7.1.12"
}
]
}
],
"datePublic": "2021-02-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Spectrum Protect Operations Center 7.1 and 8.1 is vulnerable to a denial of service, caused by a RPC that allows certain cache values to be set and dumped to a file. By setting a grossly large cache value and dumping that cached value to a file multiple times, a remote attacker could exploit this vulnerability to cause the consumption of all memory resources. IBM X-Force ID: 192156."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 4.2,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/C:N/I:N/PR:L/AV:A/UI:N/A:H/S:U/AC:H/E:U/RL:O/RC:C",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial of Service",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-02-15T15:06:10",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/pages/node/6404966"
},
{
"name": "ibm-spectrum-cve20204956-dos (192156)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/192156"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2021-02-12T00:00:00",
"ID": "CVE-2020-4956",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Spectrum Protect Operations Center",
"version": {
"version_data": [
{
"version_value": "8.1"
},
{
"version_value": "7.1"
},
{
"version_value": "8.1.10.100"
},
{
"version_value": "7.1.12"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Spectrum Protect Operations Center 7.1 and 8.1 is vulnerable to a denial of service, caused by a RPC that allows certain cache values to be set and dumped to a file. By setting a grossly large cache value and dumping that cached value to a file multiple times, a remote attacker could exploit this vulnerability to cause the consumption of all memory resources. IBM X-Force ID: 192156."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "H",
"AC": "H",
"AV": "A",
"C": "N",
"I": "N",
"PR": "L",
"S": "U",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/6404966",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 6404966 (Spectrum Protect Operations Center)",
"url": "https://www.ibm.com/support/pages/node/6404966"
},
{
"name": "ibm-spectrum-cve20204956-dos (192156)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/192156"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2020-4956",
"datePublished": "2021-02-15T15:05:21.174907Z",
"dateReserved": "2019-12-30T00:00:00",
"dateUpdated": "2024-09-17T00:25:43.022Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-4955 (GCVE-0-2020-4955)
Vulnerability from cvelistv5 – Published: 2021-02-15 15:05 – Updated: 2024-09-17 02:31
VLAI?
Summary
IBM Spectrum Protect Operations Center 7.1 and 8.1could allow a remote attacker to execute arbitrary code on the system, caused by improper parameter validation. By creating an unspecified servlet request with specially crafted input parameters, an attacker could exploit this vulnerability to load a malicious .dll with elevated privileges. IBM X-Force ID: 192155.
Severity ?
CWE
- Gain Privileges
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Spectrum Protect Operations Center |
Affected:
8.1
Affected: 7.1 Affected: 8.1.10.100 Affected: 7.1.12 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:14:59.283Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/6404966"
},
{
"name": "ibm-spectrum-cve20204955-code-exec (192155)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/192155"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Spectrum Protect Operations Center",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "8.1"
},
{
"status": "affected",
"version": "7.1"
},
{
"status": "affected",
"version": "8.1.10.100"
},
{
"status": "affected",
"version": "7.1.12"
}
]
}
],
"datePublic": "2021-02-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Spectrum Protect Operations Center 7.1 and 8.1could allow a remote attacker to execute arbitrary code on the system, caused by improper parameter validation. By creating an unspecified servlet request with specially crafted input parameters, an attacker could exploit this vulnerability to load a malicious .dll with elevated privileges. IBM X-Force ID: 192155."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "CHANGED",
"temporalScore": 7,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/C:H/S:C/A:H/AC:H/PR:L/UI:N/AV:A/I:H/E:U/RL:O/RC:C",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Gain Privileges",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-02-15T15:06:11",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/pages/node/6404966"
},
{
"name": "ibm-spectrum-cve20204955-code-exec (192155)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/192155"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2021-02-12T00:00:00",
"ID": "CVE-2020-4955",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Spectrum Protect Operations Center",
"version": {
"version_data": [
{
"version_value": "8.1"
},
{
"version_value": "7.1"
},
{
"version_value": "8.1.10.100"
},
{
"version_value": "7.1.12"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Spectrum Protect Operations Center 7.1 and 8.1could allow a remote attacker to execute arbitrary code on the system, caused by improper parameter validation. By creating an unspecified servlet request with specially crafted input parameters, an attacker could exploit this vulnerability to load a malicious .dll with elevated privileges. IBM X-Force ID: 192155."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "H",
"AC": "H",
"AV": "A",
"C": "H",
"I": "H",
"PR": "L",
"S": "C",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Gain Privileges"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/6404966",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 6404966 (Spectrum Protect Operations Center)",
"url": "https://www.ibm.com/support/pages/node/6404966"
},
{
"name": "ibm-spectrum-cve20204955-code-exec (192155)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/192155"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2020-4955",
"datePublished": "2021-02-15T15:05:20.081987Z",
"dateReserved": "2019-12-30T00:00:00",
"dateUpdated": "2024-09-17T02:31:23.322Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-4954 (GCVE-0-2020-4954)
Vulnerability from cvelistv5 – Published: 2021-02-15 15:05 – Updated: 2024-09-17 01:21
VLAI?
Summary
IBM Spectrum Protect Operations Center 7.1 and 8.1 could allow a remote attacker to bypass authentication restrictions, caused by improper session validation . By using the configuration panel to obtain a valid session using an attacker controlled IBM Spectrum Protect server, an attacker could exploit this vulnerability to bypass authentication and gain access to a limited number of debug functions, such as logging levels. IBM X-Force ID: 192153.
Severity ?
CWE
- Bypass Security
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Spectrum Protect Operations Center |
Affected:
8.1
Affected: 7.1 Affected: 8.1.10.100 Affected: 7.1.12 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:14:59.366Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/6404966"
},
{
"name": "ibm-spectrum-cve20204954-auth-bypass (192153)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/192153"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Spectrum Protect Operations Center",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "8.1"
},
{
"status": "affected",
"version": "7.1"
},
{
"status": "affected",
"version": "8.1.10.100"
},
{
"status": "affected",
"version": "7.1.12"
}
]
}
],
"datePublic": "2021-02-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Spectrum Protect Operations Center 7.1 and 8.1 could allow a remote attacker to bypass authentication restrictions, caused by improper session validation . By using the configuration panel to obtain a valid session using an attacker controlled IBM Spectrum Protect server, an attacker could exploit this vulnerability to bypass authentication and gain access to a limited number of debug functions, such as logging levels. IBM X-Force ID: 192153."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 3.7,
"temporalSeverity": "LOW",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/C:L/I:L/AV:A/PR:N/UI:N/S:U/AC:H/A:N/RL:O/E:U/RC:C",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Bypass Security",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-02-15T15:06:11",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/pages/node/6404966"
},
{
"name": "ibm-spectrum-cve20204954-auth-bypass (192153)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/192153"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2021-02-12T00:00:00",
"ID": "CVE-2020-4954",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Spectrum Protect Operations Center",
"version": {
"version_data": [
{
"version_value": "8.1"
},
{
"version_value": "7.1"
},
{
"version_value": "8.1.10.100"
},
{
"version_value": "7.1.12"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Spectrum Protect Operations Center 7.1 and 8.1 could allow a remote attacker to bypass authentication restrictions, caused by improper session validation . By using the configuration panel to obtain a valid session using an attacker controlled IBM Spectrum Protect server, an attacker could exploit this vulnerability to bypass authentication and gain access to a limited number of debug functions, such as logging levels. IBM X-Force ID: 192153."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "H",
"AV": "A",
"C": "L",
"I": "L",
"PR": "N",
"S": "U",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Bypass Security"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/6404966",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 6404966 (Spectrum Protect Operations Center)",
"url": "https://www.ibm.com/support/pages/node/6404966"
},
{
"name": "ibm-spectrum-cve20204954-auth-bypass (192153)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/192153"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2020-4954",
"datePublished": "2021-02-15T15:05:19.339316Z",
"dateReserved": "2019-12-30T00:00:00",
"dateUpdated": "2024-09-17T01:21:33.577Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-4771 (GCVE-0-2020-4771)
Vulnerability from cvelistv5 – Published: 2020-11-23 16:55 – Updated: 2024-09-17 02:00
VLAI?
Summary
IBM Spectrum Protect Operations Center 8.1.0.000 through 8.1.10.and 7.1.0.000 through 7.1.11 could allow a remote attacker to obtain sensitive information, caused by improper authentication of a websocket endpoint. By using known tools to subscribe to the websocket event stream, an attacker could exploit this vulnerability to obtain sensitive information. IBM X-Force ID: 188993.
Severity ?
CWE
- Obtain Information
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Spectrum Protect Operations Center |
Affected:
8.1
Affected: 8.1.10 Affected: 7.1 Affected: 7.1.11 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:14:58.600Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/6369101"
},
{
"name": "ibm-spectrum-cve20204771-info-disc (188993)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/188993"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Spectrum Protect Operations Center",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "8.1"
},
{
"status": "affected",
"version": "8.1.10"
},
{
"status": "affected",
"version": "7.1"
},
{
"status": "affected",
"version": "7.1.11"
}
]
}
],
"datePublic": "2020-11-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Spectrum Protect Operations Center 8.1.0.000 through 8.1.10.and 7.1.0.000 through 7.1.11 could allow a remote attacker to obtain sensitive information, caused by improper authentication of a websocket endpoint. By using known tools to subscribe to the websocket event stream, an attacker could exploit this vulnerability to obtain sensitive information. IBM X-Force ID: 188993."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 4.6,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/C:L/A:N/AV:N/AC:L/UI:N/PR:N/S:U/I:N/E:U/RL:O/RC:C",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Obtain Information",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-11-23T16:55:19",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/pages/node/6369101"
},
{
"name": "ibm-spectrum-cve20204771-info-disc (188993)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/188993"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2020-11-20T00:00:00",
"ID": "CVE-2020-4771",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Spectrum Protect Operations Center",
"version": {
"version_data": [
{
"version_value": "8.1"
},
{
"version_value": "8.1.10"
},
{
"version_value": "7.1"
},
{
"version_value": "7.1.11"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Spectrum Protect Operations Center 8.1.0.000 through 8.1.10.and 7.1.0.000 through 7.1.11 could allow a remote attacker to obtain sensitive information, caused by improper authentication of a websocket endpoint. By using known tools to subscribe to the websocket event stream, an attacker could exploit this vulnerability to obtain sensitive information. IBM X-Force ID: 188993."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "L",
"AV": "N",
"C": "L",
"I": "N",
"PR": "N",
"S": "U",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/6369101",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 6369101 (Spectrum Protect Operations Center)",
"url": "https://www.ibm.com/support/pages/node/6369101"
},
{
"name": "ibm-spectrum-cve20204771-info-disc (188993)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/188993"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2020-4771",
"datePublished": "2020-11-23T16:55:19.824419Z",
"dateReserved": "2019-12-30T00:00:00",
"dateUpdated": "2024-09-17T02:00:53.424Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-4693 (GCVE-0-2020-4693)
Vulnerability from cvelistv5 – Published: 2020-09-02 18:25 – Updated: 2024-09-17 03:07
VLAI?
Summary
IBM Spectrum Protect Operations Center 7.1.0.000 through 7.1.10 and 8.1.0.000 through 8.1.9 may allow an attacker to execute arbitrary code on the system, caused by improper validation of data prior to export. IBM X-Force ID: 186782.
Severity ?
9.1 (Critical)
CWE
- Gain Access
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Spectrum Protect Operations Center |
Affected:
7.1.0.000
Affected: 8.1.0.000 Affected: 7.1.10 Affected: 8.1.9 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:14:57.496Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/6325341"
},
{
"name": "ibm-spectrum-cve20204693-code-exec (186782)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/186782"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Spectrum Protect Operations Center",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.1.0.000"
},
{
"status": "affected",
"version": "8.1.0.000"
},
{
"status": "affected",
"version": "7.1.10"
},
{
"status": "affected",
"version": "8.1.9"
}
]
}
],
"datePublic": "2020-09-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Spectrum Protect Operations Center 7.1.0.000 through 7.1.10 and 8.1.0.000 through 8.1.9 may allow an attacker to execute arbitrary code on the system, caused by improper validation of data prior to export. IBM X-Force ID: 186782."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 7.9,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/I:H/AC:L/A:N/UI:N/PR:N/S:U/AV:N/C:H/RL:O/E:U/RC:C",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Gain Access",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-09-02T18:25:25",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/pages/node/6325341"
},
{
"name": "ibm-spectrum-cve20204693-code-exec (186782)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/186782"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2020-09-01T00:00:00",
"ID": "CVE-2020-4693",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Spectrum Protect Operations Center",
"version": {
"version_data": [
{
"version_value": "7.1.0.000"
},
{
"version_value": "8.1.0.000"
},
{
"version_value": "7.1.10"
},
{
"version_value": "8.1.9"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Spectrum Protect Operations Center 7.1.0.000 through 7.1.10 and 8.1.0.000 through 8.1.9 may allow an attacker to execute arbitrary code on the system, caused by improper validation of data prior to export. IBM X-Force ID: 186782."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "L",
"AV": "N",
"C": "H",
"I": "H",
"PR": "N",
"S": "U",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Gain Access"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/6325341",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 6325341 (Spectrum Protect Operations Center)",
"url": "https://www.ibm.com/support/pages/node/6325341"
},
{
"name": "ibm-spectrum-cve20204693-code-exec (186782)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/186782"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2020-4693",
"datePublished": "2020-09-02T18:25:25.686564Z",
"dateReserved": "2019-12-30T00:00:00",
"dateUpdated": "2024-09-17T03:07:44.052Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-22494 (GCVE-0-2022-22494)
Vulnerability from nvd – Published: 2022-06-30 16:50 – Updated: 2024-09-16 23:11
VLAI?
Summary
IBM Spectrum Protect Operations Center 8.1.0.000 through 8.1.14 could allow a remote attacker to gain details of the database, such as type and version, by sending a specially-crafted HTTP request. This information could then be used in future attacks. IBM X-Force ID: 226940.
Severity ?
CWE
- Obtain Information
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Spectrum Protect Operations Center |
Affected:
8.1.0.000
Affected: 8.1.14 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:14:55.353Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/6596883"
},
{
"name": "ibm-spectrum-cve202222494-info-disc (226940)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/226940"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Spectrum Protect Operations Center",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "8.1.0.000"
},
{
"status": "affected",
"version": "8.1.14"
}
]
}
],
"datePublic": "2022-06-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Spectrum Protect Operations Center 8.1.0.000 through 8.1.14 could allow a remote attacker to gain details of the database, such as type and version, by sending a specially-crafted HTTP request. This information could then be used in future attacks. IBM X-Force ID: 226940."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 3.2,
"temporalSeverity": "LOW",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/PR:N/AV:N/S:U/AC:H/C:L/A:N/UI:N/I:N/E:U/RC:C/RL:O",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Obtain Information",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-30T16:50:34",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/pages/node/6596883"
},
{
"name": "ibm-spectrum-cve202222494-info-disc (226940)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/226940"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2022-06-29T00:00:00",
"ID": "CVE-2022-22494",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Spectrum Protect Operations Center",
"version": {
"version_data": [
{
"version_value": "8.1.0.000"
},
{
"version_value": "8.1.14"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Spectrum Protect Operations Center 8.1.0.000 through 8.1.14 could allow a remote attacker to gain details of the database, such as type and version, by sending a specially-crafted HTTP request. This information could then be used in future attacks. IBM X-Force ID: 226940."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "H",
"AV": "N",
"C": "L",
"I": "N",
"PR": "N",
"S": "U",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/6596883",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 6596883 (Spectrum Protect Operations Center)",
"url": "https://www.ibm.com/support/pages/node/6596883"
},
{
"name": "ibm-spectrum-cve202222494-info-disc (226940)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/226940"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2022-22494",
"datePublished": "2022-06-30T16:50:34.927957Z",
"dateReserved": "2022-01-03T00:00:00",
"dateUpdated": "2024-09-16T23:11:21.509Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-22485 (GCVE-0-2022-22485)
Vulnerability from nvd – Published: 2022-06-17 15:20 – Updated: 2024-09-17 00:10
VLAI?
Summary
In some cases, an unsuccessful attempt to log into IBM Spectrum Protect Operations Center 8.1.0.000 through 8.1.14.000 does not cause the administrator's invalid sign-on count to be incremented on the IBM Spectrum Protect Server. An attacker could exploit this vulnerability using brute force techniques to gain unauthorized administrative access to the IBM Spectrum Protect Server. IBM X-Force ID: 226325.
Severity ?
CWE
- Obtain Information
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Spectrum Protect Server |
Affected:
8.1.0.000
Affected: 8.1.14.000 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:14:55.375Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/6595655"
},
{
"name": "ibm-spectrum-cve202222485-info-disc (226325)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/226325"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Spectrum Protect Server",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "8.1.0.000"
},
{
"status": "affected",
"version": "8.1.14.000"
}
]
}
],
"datePublic": "2022-06-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "In some cases, an unsuccessful attempt to log into IBM Spectrum Protect Operations Center 8.1.0.000 through 8.1.14.000 does not cause the administrator\u0027s invalid sign-on count to be incremented on the IBM Spectrum Protect Server. An attacker could exploit this vulnerability using brute force techniques to gain unauthorized administrative access to the IBM Spectrum Protect Server. IBM X-Force ID: 226325."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 5.2,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AC:H/S:U/UI:N/AV:N/A:N/I:N/C:H/PR:N/RC:C/RL:O/E:U",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Obtain Information",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-17T15:20:14",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/pages/node/6595655"
},
{
"name": "ibm-spectrum-cve202222485-info-disc (226325)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/226325"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2022-06-16T00:00:00",
"ID": "CVE-2022-22485",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Spectrum Protect Server",
"version": {
"version_data": [
{
"version_value": "8.1.0.000"
},
{
"version_value": "8.1.14.000"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In some cases, an unsuccessful attempt to log into IBM Spectrum Protect Operations Center 8.1.0.000 through 8.1.14.000 does not cause the administrator\u0027s invalid sign-on count to be incremented on the IBM Spectrum Protect Server. An attacker could exploit this vulnerability using brute force techniques to gain unauthorized administrative access to the IBM Spectrum Protect Server. IBM X-Force ID: 226325."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "H",
"AV": "N",
"C": "H",
"I": "N",
"PR": "N",
"S": "U",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/6595655",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 6595655 (Spectrum Protect Server)",
"url": "https://www.ibm.com/support/pages/node/6595655"
},
{
"name": "ibm-spectrum-cve202222485-info-disc (226325)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/226325"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2022-22485",
"datePublished": "2022-06-17T15:20:14.355385Z",
"dateReserved": "2022-01-03T00:00:00",
"dateUpdated": "2024-09-17T00:10:27.350Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-22348 (GCVE-0-2022-22348)
Vulnerability from nvd – Published: 2022-03-14 17:00 – Updated: 2024-09-16 19:31
VLAI?
Summary
IBM Spectrum Protect Operations Center 8.1.0.000 through 8.1.13.xxx is vulnerable to reverse tabnabbing where it could allow a page linked to from within Operations Center to rewrite it. An administrator could enter a link to a malicious URL that another administrator could then click. Once clicked, that malicious URL could then rewrite the original page with a phishing page. IBM X-Force ID: 220139.
Severity ?
CWE
- Obtain Information
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Spectrum Protect Operations Center |
Affected:
8.1.0.000
Affected: 8.1.13 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:14:54.509Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/6562855"
},
{
"name": "ibm-spectrum-cve202222348-info-disc (220139)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/220139"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Spectrum Protect Operations Center",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "8.1.0.000"
},
{
"status": "affected",
"version": "8.1.13"
}
]
}
],
"datePublic": "2022-03-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Spectrum Protect Operations Center 8.1.0.000 through 8.1.13.xxx is vulnerable to reverse tabnabbing where it could allow a page linked to from within Operations Center to rewrite it. An administrator could enter a link to a malicious URL that another administrator could then click. Once clicked, that malicious URL could then rewrite the original page with a phishing page. IBM X-Force ID: 220139."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 3.5,
"temporalSeverity": "LOW",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/C:L/A:N/AV:L/I:L/S:U/UI:N/PR:N/AC:H/RL:O/E:U/RC:C",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Obtain Information",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-14T17:00:24",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/pages/node/6562855"
},
{
"name": "ibm-spectrum-cve202222348-info-disc (220139)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/220139"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2022-03-11T00:00:00",
"ID": "CVE-2022-22348",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Spectrum Protect Operations Center",
"version": {
"version_data": [
{
"version_value": "8.1.0.000"
},
{
"version_value": "8.1.13"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Spectrum Protect Operations Center 8.1.0.000 through 8.1.13.xxx is vulnerable to reverse tabnabbing where it could allow a page linked to from within Operations Center to rewrite it. An administrator could enter a link to a malicious URL that another administrator could then click. Once clicked, that malicious URL could then rewrite the original page with a phishing page. IBM X-Force ID: 220139."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "H",
"AV": "L",
"C": "L",
"I": "L",
"PR": "N",
"S": "U",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/6562855",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 6562855 (Spectrum Protect Operations Center)",
"url": "https://www.ibm.com/support/pages/node/6562855"
},
{
"name": "ibm-spectrum-cve202222348-info-disc (220139)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/220139"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2022-22348",
"datePublished": "2022-03-14T17:00:24.258848Z",
"dateReserved": "2022-01-03T00:00:00",
"dateUpdated": "2024-09-16T19:31:22.889Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-22346 (GCVE-0-2022-22346)
Vulnerability from nvd – Published: 2022-03-14 17:00 – Updated: 2024-09-16 20:38
VLAI?
Summary
IBM Spectrum Protect Operations Center 8.1.0.000 through 8.1.13.xxx is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 220048.
Severity ?
CWE
- Gain Access
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Spectrum Protect Operations Center |
Affected:
8.1.0.000
Affected: 8.1.13 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:14:54.690Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/6562855"
},
{
"name": "ibm-spectrum-cve202222346-csrf (220048)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/220048"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Spectrum Protect Operations Center",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "8.1.0.000"
},
{
"status": "affected",
"version": "8.1.13"
}
]
}
],
"datePublic": "2022-03-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Spectrum Protect Operations Center 8.1.0.000 through 8.1.13.xxx is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 220048."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 3.8,
"temporalSeverity": "LOW",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/S:U/I:L/UI:R/AC:L/PR:N/C:N/AV:N/A:N/RL:O/E:U/RC:C",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Gain Access",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-14T17:00:22",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/pages/node/6562855"
},
{
"name": "ibm-spectrum-cve202222346-csrf (220048)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/220048"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2022-03-11T00:00:00",
"ID": "CVE-2022-22346",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Spectrum Protect Operations Center",
"version": {
"version_data": [
{
"version_value": "8.1.0.000"
},
{
"version_value": "8.1.13"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Spectrum Protect Operations Center 8.1.0.000 through 8.1.13.xxx is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 220048."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "L",
"AV": "N",
"C": "N",
"I": "L",
"PR": "N",
"S": "U",
"UI": "R"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Gain Access"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/6562855",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 6562855 (Spectrum Protect Operations Center)",
"url": "https://www.ibm.com/support/pages/node/6562855"
},
{
"name": "ibm-spectrum-cve202222346-csrf (220048)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/220048"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2022-22346",
"datePublished": "2022-03-14T17:00:22.782052Z",
"dateReserved": "2022-01-03T00:00:00",
"dateUpdated": "2024-09-16T20:38:06.821Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-38901 (GCVE-0-2021-38901)
Vulnerability from nvd – Published: 2021-12-13 18:35 – Updated: 2024-09-17 00:40
VLAI?
Summary
IBM Spectrum Protect Operations Center 7.1, under special configurations, could allow a local user to obtain highly sensitive information. IBM X-Force ID: 209610.
Severity ?
CWE
- Obtain Information
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Spectrum Protect Operations Center |
Affected:
7.1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T01:51:20.739Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/6524924"
},
{
"name": "ibm-spectrum-cve202138901-info-disc (209610)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/209610"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Spectrum Protect Operations Center",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.1"
}
]
}
],
"datePublic": "2021-12-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Spectrum Protect Operations Center 7.1, under special configurations, could allow a local user to obtain highly sensitive information. IBM X-Force ID: 209610."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 4.5,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AC:H/A:N/PR:N/S:U/C:H/I:N/AV:L/UI:N/RC:C/RL:O/E:U",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Obtain Information",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-12-13T18:35:30",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/pages/node/6524924"
},
{
"name": "ibm-spectrum-cve202138901-info-disc (209610)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/209610"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2021-12-10T00:00:00",
"ID": "CVE-2021-38901",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Spectrum Protect Operations Center",
"version": {
"version_data": [
{
"version_value": "7.1"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Spectrum Protect Operations Center 7.1, under special configurations, could allow a local user to obtain highly sensitive information. IBM X-Force ID: 209610."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "H",
"AV": "L",
"C": "H",
"I": "N",
"PR": "N",
"S": "U",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/6524924",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 6524924 (Spectrum Protect Operations Center)",
"url": "https://www.ibm.com/support/pages/node/6524924"
},
{
"name": "ibm-spectrum-cve202138901-info-disc (209610)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/209610"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2021-38901",
"datePublished": "2021-12-13T18:35:30.543202Z",
"dateReserved": "2021-08-16T00:00:00",
"dateUpdated": "2024-09-17T00:40:53.077Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-4956 (GCVE-0-2020-4956)
Vulnerability from nvd – Published: 2021-02-15 15:05 – Updated: 2024-09-17 00:25
VLAI?
Summary
IBM Spectrum Protect Operations Center 7.1 and 8.1 is vulnerable to a denial of service, caused by a RPC that allows certain cache values to be set and dumped to a file. By setting a grossly large cache value and dumping that cached value to a file multiple times, a remote attacker could exploit this vulnerability to cause the consumption of all memory resources. IBM X-Force ID: 192156.
Severity ?
CWE
- Denial of Service
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Spectrum Protect Operations Center |
Affected:
8.1
Affected: 7.1 Affected: 8.1.10.100 Affected: 7.1.12 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:14:59.369Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/6404966"
},
{
"name": "ibm-spectrum-cve20204956-dos (192156)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/192156"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Spectrum Protect Operations Center",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "8.1"
},
{
"status": "affected",
"version": "7.1"
},
{
"status": "affected",
"version": "8.1.10.100"
},
{
"status": "affected",
"version": "7.1.12"
}
]
}
],
"datePublic": "2021-02-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Spectrum Protect Operations Center 7.1 and 8.1 is vulnerable to a denial of service, caused by a RPC that allows certain cache values to be set and dumped to a file. By setting a grossly large cache value and dumping that cached value to a file multiple times, a remote attacker could exploit this vulnerability to cause the consumption of all memory resources. IBM X-Force ID: 192156."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 4.2,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/C:N/I:N/PR:L/AV:A/UI:N/A:H/S:U/AC:H/E:U/RL:O/RC:C",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial of Service",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-02-15T15:06:10",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/pages/node/6404966"
},
{
"name": "ibm-spectrum-cve20204956-dos (192156)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/192156"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2021-02-12T00:00:00",
"ID": "CVE-2020-4956",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Spectrum Protect Operations Center",
"version": {
"version_data": [
{
"version_value": "8.1"
},
{
"version_value": "7.1"
},
{
"version_value": "8.1.10.100"
},
{
"version_value": "7.1.12"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Spectrum Protect Operations Center 7.1 and 8.1 is vulnerable to a denial of service, caused by a RPC that allows certain cache values to be set and dumped to a file. By setting a grossly large cache value and dumping that cached value to a file multiple times, a remote attacker could exploit this vulnerability to cause the consumption of all memory resources. IBM X-Force ID: 192156."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "H",
"AC": "H",
"AV": "A",
"C": "N",
"I": "N",
"PR": "L",
"S": "U",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/6404966",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 6404966 (Spectrum Protect Operations Center)",
"url": "https://www.ibm.com/support/pages/node/6404966"
},
{
"name": "ibm-spectrum-cve20204956-dos (192156)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/192156"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2020-4956",
"datePublished": "2021-02-15T15:05:21.174907Z",
"dateReserved": "2019-12-30T00:00:00",
"dateUpdated": "2024-09-17T00:25:43.022Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-4955 (GCVE-0-2020-4955)
Vulnerability from nvd – Published: 2021-02-15 15:05 – Updated: 2024-09-17 02:31
VLAI?
Summary
IBM Spectrum Protect Operations Center 7.1 and 8.1could allow a remote attacker to execute arbitrary code on the system, caused by improper parameter validation. By creating an unspecified servlet request with specially crafted input parameters, an attacker could exploit this vulnerability to load a malicious .dll with elevated privileges. IBM X-Force ID: 192155.
Severity ?
CWE
- Gain Privileges
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Spectrum Protect Operations Center |
Affected:
8.1
Affected: 7.1 Affected: 8.1.10.100 Affected: 7.1.12 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:14:59.283Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/6404966"
},
{
"name": "ibm-spectrum-cve20204955-code-exec (192155)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/192155"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Spectrum Protect Operations Center",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "8.1"
},
{
"status": "affected",
"version": "7.1"
},
{
"status": "affected",
"version": "8.1.10.100"
},
{
"status": "affected",
"version": "7.1.12"
}
]
}
],
"datePublic": "2021-02-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Spectrum Protect Operations Center 7.1 and 8.1could allow a remote attacker to execute arbitrary code on the system, caused by improper parameter validation. By creating an unspecified servlet request with specially crafted input parameters, an attacker could exploit this vulnerability to load a malicious .dll with elevated privileges. IBM X-Force ID: 192155."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "CHANGED",
"temporalScore": 7,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/C:H/S:C/A:H/AC:H/PR:L/UI:N/AV:A/I:H/E:U/RL:O/RC:C",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Gain Privileges",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-02-15T15:06:11",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/pages/node/6404966"
},
{
"name": "ibm-spectrum-cve20204955-code-exec (192155)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/192155"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2021-02-12T00:00:00",
"ID": "CVE-2020-4955",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Spectrum Protect Operations Center",
"version": {
"version_data": [
{
"version_value": "8.1"
},
{
"version_value": "7.1"
},
{
"version_value": "8.1.10.100"
},
{
"version_value": "7.1.12"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Spectrum Protect Operations Center 7.1 and 8.1could allow a remote attacker to execute arbitrary code on the system, caused by improper parameter validation. By creating an unspecified servlet request with specially crafted input parameters, an attacker could exploit this vulnerability to load a malicious .dll with elevated privileges. IBM X-Force ID: 192155."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "H",
"AC": "H",
"AV": "A",
"C": "H",
"I": "H",
"PR": "L",
"S": "C",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Gain Privileges"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/6404966",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 6404966 (Spectrum Protect Operations Center)",
"url": "https://www.ibm.com/support/pages/node/6404966"
},
{
"name": "ibm-spectrum-cve20204955-code-exec (192155)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/192155"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2020-4955",
"datePublished": "2021-02-15T15:05:20.081987Z",
"dateReserved": "2019-12-30T00:00:00",
"dateUpdated": "2024-09-17T02:31:23.322Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-4954 (GCVE-0-2020-4954)
Vulnerability from nvd – Published: 2021-02-15 15:05 – Updated: 2024-09-17 01:21
VLAI?
Summary
IBM Spectrum Protect Operations Center 7.1 and 8.1 could allow a remote attacker to bypass authentication restrictions, caused by improper session validation . By using the configuration panel to obtain a valid session using an attacker controlled IBM Spectrum Protect server, an attacker could exploit this vulnerability to bypass authentication and gain access to a limited number of debug functions, such as logging levels. IBM X-Force ID: 192153.
Severity ?
CWE
- Bypass Security
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Spectrum Protect Operations Center |
Affected:
8.1
Affected: 7.1 Affected: 8.1.10.100 Affected: 7.1.12 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:14:59.366Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/6404966"
},
{
"name": "ibm-spectrum-cve20204954-auth-bypass (192153)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/192153"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Spectrum Protect Operations Center",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "8.1"
},
{
"status": "affected",
"version": "7.1"
},
{
"status": "affected",
"version": "8.1.10.100"
},
{
"status": "affected",
"version": "7.1.12"
}
]
}
],
"datePublic": "2021-02-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Spectrum Protect Operations Center 7.1 and 8.1 could allow a remote attacker to bypass authentication restrictions, caused by improper session validation . By using the configuration panel to obtain a valid session using an attacker controlled IBM Spectrum Protect server, an attacker could exploit this vulnerability to bypass authentication and gain access to a limited number of debug functions, such as logging levels. IBM X-Force ID: 192153."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 3.7,
"temporalSeverity": "LOW",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/C:L/I:L/AV:A/PR:N/UI:N/S:U/AC:H/A:N/RL:O/E:U/RC:C",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Bypass Security",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-02-15T15:06:11",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/pages/node/6404966"
},
{
"name": "ibm-spectrum-cve20204954-auth-bypass (192153)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/192153"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2021-02-12T00:00:00",
"ID": "CVE-2020-4954",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Spectrum Protect Operations Center",
"version": {
"version_data": [
{
"version_value": "8.1"
},
{
"version_value": "7.1"
},
{
"version_value": "8.1.10.100"
},
{
"version_value": "7.1.12"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Spectrum Protect Operations Center 7.1 and 8.1 could allow a remote attacker to bypass authentication restrictions, caused by improper session validation . By using the configuration panel to obtain a valid session using an attacker controlled IBM Spectrum Protect server, an attacker could exploit this vulnerability to bypass authentication and gain access to a limited number of debug functions, such as logging levels. IBM X-Force ID: 192153."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "H",
"AV": "A",
"C": "L",
"I": "L",
"PR": "N",
"S": "U",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Bypass Security"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/6404966",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 6404966 (Spectrum Protect Operations Center)",
"url": "https://www.ibm.com/support/pages/node/6404966"
},
{
"name": "ibm-spectrum-cve20204954-auth-bypass (192153)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/192153"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2020-4954",
"datePublished": "2021-02-15T15:05:19.339316Z",
"dateReserved": "2019-12-30T00:00:00",
"dateUpdated": "2024-09-17T01:21:33.577Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-4771 (GCVE-0-2020-4771)
Vulnerability from nvd – Published: 2020-11-23 16:55 – Updated: 2024-09-17 02:00
VLAI?
Summary
IBM Spectrum Protect Operations Center 8.1.0.000 through 8.1.10.and 7.1.0.000 through 7.1.11 could allow a remote attacker to obtain sensitive information, caused by improper authentication of a websocket endpoint. By using known tools to subscribe to the websocket event stream, an attacker could exploit this vulnerability to obtain sensitive information. IBM X-Force ID: 188993.
Severity ?
CWE
- Obtain Information
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Spectrum Protect Operations Center |
Affected:
8.1
Affected: 8.1.10 Affected: 7.1 Affected: 7.1.11 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:14:58.600Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/6369101"
},
{
"name": "ibm-spectrum-cve20204771-info-disc (188993)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/188993"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Spectrum Protect Operations Center",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "8.1"
},
{
"status": "affected",
"version": "8.1.10"
},
{
"status": "affected",
"version": "7.1"
},
{
"status": "affected",
"version": "7.1.11"
}
]
}
],
"datePublic": "2020-11-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Spectrum Protect Operations Center 8.1.0.000 through 8.1.10.and 7.1.0.000 through 7.1.11 could allow a remote attacker to obtain sensitive information, caused by improper authentication of a websocket endpoint. By using known tools to subscribe to the websocket event stream, an attacker could exploit this vulnerability to obtain sensitive information. IBM X-Force ID: 188993."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 4.6,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/C:L/A:N/AV:N/AC:L/UI:N/PR:N/S:U/I:N/E:U/RL:O/RC:C",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Obtain Information",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-11-23T16:55:19",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/pages/node/6369101"
},
{
"name": "ibm-spectrum-cve20204771-info-disc (188993)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/188993"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2020-11-20T00:00:00",
"ID": "CVE-2020-4771",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Spectrum Protect Operations Center",
"version": {
"version_data": [
{
"version_value": "8.1"
},
{
"version_value": "8.1.10"
},
{
"version_value": "7.1"
},
{
"version_value": "7.1.11"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Spectrum Protect Operations Center 8.1.0.000 through 8.1.10.and 7.1.0.000 through 7.1.11 could allow a remote attacker to obtain sensitive information, caused by improper authentication of a websocket endpoint. By using known tools to subscribe to the websocket event stream, an attacker could exploit this vulnerability to obtain sensitive information. IBM X-Force ID: 188993."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "L",
"AV": "N",
"C": "L",
"I": "N",
"PR": "N",
"S": "U",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/6369101",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 6369101 (Spectrum Protect Operations Center)",
"url": "https://www.ibm.com/support/pages/node/6369101"
},
{
"name": "ibm-spectrum-cve20204771-info-disc (188993)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/188993"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2020-4771",
"datePublished": "2020-11-23T16:55:19.824419Z",
"dateReserved": "2019-12-30T00:00:00",
"dateUpdated": "2024-09-17T02:00:53.424Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-4693 (GCVE-0-2020-4693)
Vulnerability from nvd – Published: 2020-09-02 18:25 – Updated: 2024-09-17 03:07
VLAI?
Summary
IBM Spectrum Protect Operations Center 7.1.0.000 through 7.1.10 and 8.1.0.000 through 8.1.9 may allow an attacker to execute arbitrary code on the system, caused by improper validation of data prior to export. IBM X-Force ID: 186782.
Severity ?
9.1 (Critical)
CWE
- Gain Access
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Spectrum Protect Operations Center |
Affected:
7.1.0.000
Affected: 8.1.0.000 Affected: 7.1.10 Affected: 8.1.9 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:14:57.496Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/6325341"
},
{
"name": "ibm-spectrum-cve20204693-code-exec (186782)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/186782"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Spectrum Protect Operations Center",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.1.0.000"
},
{
"status": "affected",
"version": "8.1.0.000"
},
{
"status": "affected",
"version": "7.1.10"
},
{
"status": "affected",
"version": "8.1.9"
}
]
}
],
"datePublic": "2020-09-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Spectrum Protect Operations Center 7.1.0.000 through 7.1.10 and 8.1.0.000 through 8.1.9 may allow an attacker to execute arbitrary code on the system, caused by improper validation of data prior to export. IBM X-Force ID: 186782."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 7.9,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/I:H/AC:L/A:N/UI:N/PR:N/S:U/AV:N/C:H/RL:O/E:U/RC:C",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Gain Access",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-09-02T18:25:25",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/pages/node/6325341"
},
{
"name": "ibm-spectrum-cve20204693-code-exec (186782)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/186782"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2020-09-01T00:00:00",
"ID": "CVE-2020-4693",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Spectrum Protect Operations Center",
"version": {
"version_data": [
{
"version_value": "7.1.0.000"
},
{
"version_value": "8.1.0.000"
},
{
"version_value": "7.1.10"
},
{
"version_value": "8.1.9"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Spectrum Protect Operations Center 7.1.0.000 through 7.1.10 and 8.1.0.000 through 8.1.9 may allow an attacker to execute arbitrary code on the system, caused by improper validation of data prior to export. IBM X-Force ID: 186782."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "L",
"AV": "N",
"C": "H",
"I": "H",
"PR": "N",
"S": "U",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Gain Access"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/6325341",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 6325341 (Spectrum Protect Operations Center)",
"url": "https://www.ibm.com/support/pages/node/6325341"
},
{
"name": "ibm-spectrum-cve20204693-code-exec (186782)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/186782"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2020-4693",
"datePublished": "2020-09-02T18:25:25.686564Z",
"dateReserved": "2019-12-30T00:00:00",
"dateUpdated": "2024-09-17T03:07:44.052Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}