| The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them. |
|
 |
|
|
Computer vulnerabilities of IBM Spectrum Protect
IBM Spectrum Protect: information disclosure via Plain Text Password
Synthesis of the vulnerability
An attacker can bypass access restrictions to data via Plain Text Password of IBM Spectrum Protect, in order to obtain sensitive information.
Impacted products: Tivoli Storage Manager.
Severity: 2/4.
Consequences: data reading.
Provenance: user shell.
Creation date: 09/04/2019.
Identifiers: CVE-2018-1882, ibm10869208, ibm10869436, VIGILANCE-VUL-28973.
Description of the vulnerability
An attacker can bypass access restrictions to data via Plain Text Password of IBM Spectrum Protect, in order to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial) |
IBM Spectrum Protect: privilege escalation via Client Web Interface Clickjacking
Synthesis of the vulnerability
An attacker can bypass restrictions via Client Web Interface Clickjacking of IBM Spectrum Protect, in order to escalate his privileges.
Impacted products: Tivoli Storage Manager.
Severity: 2/4.
Consequences: privileged access/rights, user access/rights.
Provenance: document.
Creation date: 09/04/2019.
Identifiers: CVE-2018-1853, ibm10870718, VIGILANCE-VUL-28972.
Description of the vulnerability
An attacker can bypass restrictions via Client Web Interface Clickjacking of IBM Spectrum Protect, in order to escalate his privileges.
Full Vigil@nce bulletin... (Free trial) |
IBM Spectrum Protect: information disclosure via Password Exposure
Synthesis of the vulnerability
An attacker can bypass access restrictions to data via Password Exposure of IBM Spectrum Protect, in order to obtain sensitive information.
Impacted products: Tivoli Storage Manager.
Severity: 2/4.
Consequences: data reading.
Provenance: document.
Creation date: 09/04/2019.
Identifiers: CVE-2018-1787, ibm10869602, VIGILANCE-VUL-28971.
Description of the vulnerability
An attacker can bypass access restrictions to data via Password Exposure of IBM Spectrum Protect, in order to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial) |
IBM Spectrum Protect: information disclosure via Restored Files Permissions
Synthesis of the vulnerability
An attacker can bypass access restrictions to data via Restored Files Permissions of IBM Spectrum Protect, in order to obtain sensitive information.
Impacted products: Tivoli Storage Manager.
Severity: 2/4.
Consequences: data reading.
Provenance: user shell.
Creation date: 03/04/2019.
Identifiers: CVE-2019-4093, ibm10875518, VIGILANCE-VUL-28931.
Description of the vulnerability
An attacker can bypass access restrictions to data via Restored Files Permissions of IBM Spectrum Protect, in order to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial) |
IBM Spectrum Protect: denial of service via TCP CLOSE_WAIT
Synthesis of the vulnerability
An attacker can generate a fatal error via TCP CLOSE_WAIT of IBM Spectrum Protect, in order to trigger a denial of service.
Impacted products: Tivoli Storage Manager.
Severity: 2/4.
Consequences: denial of service on service, denial of service on client.
Provenance: document.
Creation date: 09/11/2018.
Identifiers: CERTFR-2018-AVI-539, CVE-2018-1786, ibm10738765, VIGILANCE-VUL-27744.
Description of the vulnerability
An attacker can generate a fatal error via TCP CLOSE_WAIT of IBM Spectrum Protect, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial) |
IBM Spectrum Protect: information disclosure via Tracing
Synthesis of the vulnerability
An attacker can bypass access restrictions to data via Tracing of IBM Spectrum Protect, in order to obtain sensitive information.
Impacted products: Tivoli Storage Manager.
Severity: 2/4.
Consequences: data reading.
Provenance: user shell.
Creation date: 05/11/2018.
Identifiers: CVE-2018-1788, ibm10730357, VIGILANCE-VUL-27682.
Description of the vulnerability
An attacker can bypass access restrictions to data via Tracing of IBM Spectrum Protect, in order to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial) |
IBM Spectrum Protect: denial of service
Synthesis of the vulnerability
An attacker can generate a fatal error of IBM Spectrum Protect, in order to trigger a denial of service.
Impacted products: Tivoli Storage Manager.
Severity: 2/4.
Consequences: denial of service on service.
Provenance: user shell.
Creation date: 27/09/2018.
Identifiers: CVE-2018-1550, ibm10719401, VIGILANCE-VUL-27352.
Description of the vulnerability
An attacker can generate a fatal error of IBM Spectrum Protect, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial) |
IBM Spectrum Protect: information disclosure via Triple DES
Synthesis of the vulnerability
An attacker can bypass access restrictions to data via Triple DES of IBM Spectrum Protect, in order to obtain sensitive information.
Impacted products: Tivoli Storage Manager.
Severity: 1/4.
Consequences: data reading.
Provenance: intranet client.
Creation date: 24/09/2018.
Identifiers: CVE-2018-1785, ibm10729873, VIGILANCE-VUL-27299.
Description of the vulnerability
An attacker can bypass access restrictions to data via Triple DES of IBM Spectrum Protect, in order to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial) |
IBM Spectrum Protect: information disclosure via Legacy SSL/TLS Protocols
Synthesis of the vulnerability
An attacker can bypass access restrictions to data via Legacy SSL/TLS Protocols of IBM Spectrum Protect, in order to obtain sensitive information.
Impacted products: Tivoli Storage Manager.
Severity: 1/4.
Consequences: data reading.
Provenance: intranet client.
Creation date: 24/09/2018.
Identifiers: CVE-2018-1545, ibm10718013, VIGILANCE-VUL-27298.
Description of the vulnerability
An attacker can bypass access restrictions to data via Legacy SSL/TLS Protocols of IBM Spectrum Protect, in order to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial) |
IBM Java: code execution via Attach API
Synthesis of the vulnerability
An attacker can use a vulnerability via Attach API of IBM Java, in order to run code.
Impacted products: AIX, DB2 UDB, Domino, Notes, IRAD, Rational ClearCase, QRadar SIEM, Tivoli Storage Manager, Tivoli System Automation, Tivoli Workload Scheduler, WebSphere AS Liberty, WebSphere AS Traditional, WebSphere MQ, RHEL, SUSE Linux Enterprise Desktop, SLES.
Severity: 2/4.
Consequences: privileged access/rights, user access/rights.
Provenance: user shell.
Creation date: 28/08/2018.
Identifiers: CERTFR-2018-AVI-544, CVE-2018-12539, ibm10725491, ibm10729349, ibm10730083, ibm10733905, ibm10735319, ibm10735325, ibm10738401, ibm10738997, ibm10742729, ibm10743193, ibm10743351, RHSA-2018:2568-01, RHSA-2018:2569-01, RHSA-2018:2575-01, RHSA-2018:2576-01, SUSE-SU-2018:2574-1, SUSE-SU-2018:2583-1, SUSE-SU-2018:2649-1, SUSE-SU-2018:2839-1, SUSE-SU-2018:3082-1, VIGILANCE-VUL-27093.
Description of the vulnerability
An attacker can use a vulnerability via Attach API of IBM Java, in order to run code.
Full Vigil@nce bulletin... (Free trial) |
Our database contains other pages. You can request a free trial to read them.
Display information about IBM Spectrum Protect:
|