IBM Spectrum Protect Plus

44 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2023-47148
>= 10.1.0 and < 10.1.15.3
IBM Storage Protect Plus Server 10.1.0 through 10.1.15.2 Admin Console could allow a remote attacker to obtain sensitive informati
5.3 MEDIUM
CVE-2020-4497
>= 10.1.0 and < 10.1.13
IBM Spectrum Protect Plus 10.1.0 through 10.1.12 discloses sensitive information due to unencrypted data being used in the communi
6.8 MEDIUM
CVE-2022-40608
>= 10.1.6 and <= 10.1.11
IBM Spectrum Protect Plus 10.1.6 through 10.1.11 Microsoft File Systems restore operation can download any file on the target mach
7.5 HIGH
CVE-2022-40234
< 10.1.12
Versions of IBM Spectrum Protect Plus prior to 10.1.12 (excluding 10.1.12) include the private key information for a certificate i
5.9 MEDIUM
CVE-2021-3669
>= 10.1.0 and <= 10.1.10.2
A flaw was found in the Linux kernel. Measuring usage of the shared memory does not scale with large shared memory segment counts
5.5 MEDIUM
CVE-2022-22396
>= 10.1.0 and < 10.1.10
Credentials are printed in clear text in the IBM Spectrum Protect Plus 10.1.0.0 through 10.1.9.3 virgo log file in certain cases.
7.5 HIGH
CVE-2022-22354
>= 10.1.0 and < 10.1.9.3
IBM Spectrum Protect Plus 10.1.0.0 through 10.1.9.2 and IBM Spectrum Copy Data Management 2.2.0.0 through 2.2.14.3 do not limit th
7.5 HIGH
CVE-2021-39063
>= 10.1.0 and < 10.1.9
IBM Spectrum Protect Plus 10.1.0.0 through 10.1.8.x uses Cross-Origin Resource Sharing (CORS) which could allow an attacker to car
9.1 CRITICAL
CVE-2021-39057
>= 10.1.0 and < 10.1.9
IBM Spectrum Protect Plus 10.1.0.0 through 10.1.8.x is vulnerable to server-side request forgery (SSRF). This may allow an authent
8.1 HIGH
CVE-2020-4496
>= 10.1.0 and <= 10.1.8.1
The IBM Spectrum Protect Plus 10.1.0.0 through 10.1.8.x server connection to an IBM Spectrum Protect Plus workload agent is subjec
5.9 MEDIUM
CVE-2021-20490
>= 10.1.0 and <= 10.1.8
IBM Spectrum Protect Plus 10.1.0 through 10.1.8 could allow a local user to cause a denial of service due to insecure file permiss
5.5 MEDIUM
CVE-2021-29694
>= 10.1.0 and <= 10.1.7
IBM Spectrum Protect Plus 10.1.0 through 10.1.7 uses weaker than expected cryptographic algorithms that could allow an attacker to
7.5 HIGH
CVE-2021-20536
all versions
IBM Spectrum Protect Plus File Systems Agent 10.1.6 and 10.1.7 stores potentially sensitive information in log files that could be
6.2 MEDIUM
CVE-2021-20432
>= 10.1.0 and <= 10.1.7
IBM Spectrum Protect Plus 10.1.0 through 10.1.7 uses Cross-Origin Resource Sharing (CORS) which could allow an attacker to carry o
6.5 MEDIUM
CVE-2020-5023
>= 10.1.0 and <= 10.1.7
IBM Spectrum Protect Plus 10.1.0 through 10.1.7 could allow a remote user to inject arbitrary data which could cause the service
7.5 HIGH
CVE-2020-5022
>= 10.1.0 and < 10.1.7
IBM Spectrum Protect Plus 10.1.0 through 10.1.6 may allow unauthenticated and unauthorized access to VDAP proxy which can result i
5.3 MEDIUM
CVE-2020-5021
>= 10.1.0 and < 10.1.7
IBM Spectrum Protect Plus 10.1.0 through 10.1.6 does not invalidate session after a password reset which could allow a local user
4.4 MEDIUM
CVE-2020-5020
>= 10.1.0 and < 10.1.7
IBM Spectrum Protect Plus 10.1.0 through 10.1.6 could allow a remote attacker to hijack the clicking action of the victim. By pers
6.1 MEDIUM
CVE-2020-5019
>= 10.1.0 and < 10.1.7
IBM Spectrum Protect Plus 10.1.0 through 10.1.6 is vulnerable to HTTP header injection, caused by improper validation of input by
6.5 MEDIUM
CVE-2020-5018
>= 10.1.0 and < 10.1.7
IBM Spectrum Protect Plus 10.1.0 through 10.1.6 may include sensitive information in its URLs increasing the risk of such informat
7.5 HIGH
CVE-2020-4854
>= 10.1.0 and <= 10.1.6
IBM Spectrum Protect Plus 10.1.0 through 10.1.6 contains hard-coded credentials, such as a password or cryptographic key, which it
9.8 CRITICAL
CVE-2020-4783
>= 10.1.0 and <= 10.1.6
IBM Spectrum Protect Plus 10.1.0 through 10.1.6 could allow a remote attacker to obtain sensitive information, caused by the failu
5.9 MEDIUM
CVE-2020-4711
>= 10.1.0 and <= 10.1.6
IBM Spectrum Protect Plus 10.1.0 through 10.1.6 could allow a remote attacker to traverse directories on the system. An attacker c
6.5 MEDIUM
CVE-2020-4703
>= 10.1.0 and <= 10.1.6
IBM Spectrum Protect Plus 10.1.0 through 10.1.6 Administrative Console could allow an authenticated attacker to upload arbitrary f
8.0 HIGH
CVE-2020-4631
>= 10.1.0 and <= 10.1.6
IBM Spectrum Protect Plus 10.1.0 through 10.1.6 agent files, in non-default configurations, on Windows are assigned access to ever
5.5 MEDIUM
CVE-2020-4565
>= 10.1.0 and <= 10.1.5
IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow an attacker to obtain sensitive information due to insecure communicat
5.9 MEDIUM
CVE-2020-4477
>= 10.1.0 and <= 10.1.5
IBM Spectrum Protect Plus 10.1.0 through 10.1.5 discloses highly sensitive information in plain text in the virgo log file which c
6.5 MEDIUM
CVE-2020-4471
>= 10.1.0 and <= 10.1.5
IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow an unauthenticated attacker to cause a denial of service or hijack DNS
6.5 MEDIUM
CVE-2020-4470
>= 10.1.0 and <= 10.1.5
IBM Spectrum Protect Plus 10.1.0 through 10.1.5 Administrative Console could allow an authenticated attacker to upload arbitrary f
8.0 HIGH
CVE-2020-4469
>= 10.1.0 and <= 10.1.5
IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow a remote attacker to execute arbitrary code on the system. By using a
9.8 CRITICAL
CVE-2020-4216
>= 10.1.0 and <= 10.1.5
IBM Spectrum Protect Plus 10.1.0 through 10.1.5 contains hard-coded credentials, such as a password or cryptographic key, which it
9.8 CRITICAL
CVE-2020-4209
>= 10.1.0 and <= 10.1.5
IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow a remote attacker to traverse directories on the system. An attacker c
5.4 MEDIUM
CVE-2020-4242
>= 10.1.0 and <= 10.1.5
IBM Spectrum Scale and IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow a remote authenticated attacker to execute arbi
8.8 HIGH
CVE-2020-4241
>= 10.1.0 and <= 10.1.5
IBM Spectrum Scale and IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow a remote authenticated attacker to execute arbi
8.8 HIGH
CVE-2020-4240
>= 10.1.0 and <= 10.1.5
IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow a remote attacker to traverse directories on the system. An attacker c
6.5 MEDIUM
CVE-2020-4214
>= 10.1.0 and <= 10.1.5
IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow a remote attacker to arbitrarily delete a directory caused by improper v
7.5 HIGH
CVE-2020-4208
>= 10.1.0 and <= 10.1.5
IBM Spectrum Protect Plus 10.1.0 through 10.1.5 contains hard-coded credentials, such as a password or cryptographic key, which it
9.8 CRITICAL
CVE-2020-4206
>= 10.1.0 and <= 10.1.5
IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow a remote attacker to execute arbitrary commands on the system in the c
8.8 HIGH
CVE-2019-4703
>= 10.1.0 and <= 10.1.5
IBM Spectrum Protect Plus 10.1.0 and 10.5.0, when protecting Microsoft SQL or Microsoft Exchange, could allow an attacker with int
5.3 MEDIUM
CVE-2019-4652
>= 10.1.0 and <= 10.1.4
IBM Spectrum Protect Plus 10.1.0 through 10.1.4 uses insecure file permissions on restored files and directories in Windows which
7.1 HIGH
CVE-2019-4383
all versions
When using IBM Spectrum Protect Plus 10.1.0, 10.1.2, and 10.1.3 to protect Oracle or MongoDB databases, a redirected restore opera
6.7 MEDIUM
CVE-2019-4357
all versions
When using IBM Spectrum Protect Plus 10.1.0, 10.1.2, and 10.1.3 to protect Oracle, DB2 or MongoDB databases, a redirected restore
6.7 MEDIUM
CVE-2019-4385
>= 10.1.2.219 and <= 10.1.2.303
IBM Spectrum Protect Plus 10.1.2 may display the vSnap CIFS password in the IBM Spectrum Protect Plus Joblog. This can result in a
6.5 MEDIUM
CVE-2018-1768
all versions
IBM Spectrum Protect Plus 10.1.0 and 10.1.1 could disclose sensitive information when an authorized user executes a test operation
5.6 MEDIUM
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin