Search

Find a vulnerability

Search criteria

    10 vulnerabilities found for spectrum_protect_server by ibm

    CVE-2025-3319 (GCVE-0-2025-3319)

    Vulnerability from nvd – Published: 2025-06-20 14:50 – Updated: 2025-08-24 11:45
    VLAI
    Title
    IBM Spectrum Protect Server authentication bypass
    Summary
    IBM Spectrum Protect Server 8.1 through 8.1.26 could allow attacker to bypass authentication due to improper session authentication which can result in access to unauthorized resources.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-306 - Missing Authentication for Critical Function
    Assigner
    ibm
    References
    URL Tags
    https://www.ibm.com/support/pages/node/7236999 vendor-advisorypatch
    Impacted products
    Vendor Product Version
    IBM Spectrum Protect Server Affected: 8.1 , ≤ 8.1.26 (semver)
        cpe:2.3:a:ibm:storage_protect_backup_archive_client:8.1.0.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:storage_protect_backup_archive_client:8.1.26.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-3319",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-06-23T20:46:06.907141Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-06-23T20:46:18.164Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:storage_protect_backup_archive_client:8.1.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:storage_protect_backup_archive_client:8.1.26.0:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "Spectrum Protect Server",
              "vendor": "IBM",
              "versions": [
                {
                  "lessThanOrEqual": "8.1.26",
                  "status": "affected",
                  "version": "8.1",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "IBM Spectrum Protect Server 8.1 through 8.1.26 could allow attacker to bypass authentication due to improper session authentication which can result in access to unauthorized resources."
                }
              ],
              "value": "IBM Spectrum Protect Server 8.1 through 8.1.26 could allow attacker to bypass authentication due to improper session authentication which can result in access to unauthorized resources."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-306",
                  "description": "CWE-306 Missing Authentication for Critical Function",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-08-24T11:45:17.815Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://www.ibm.com/support/pages/node/7236999"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "IBM strongly recommends addressing the vulnerabilities now by upgrading.\u003cbr\u003e\u003cbr\u003eIBM Storage Protect Server Fixing Level  Platform  Remediation/Fix/Instructions 8.1.27  AIX Linux Windows  Instructions for downloading the update: \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/support/pages/node/588021\"\u003ehttps://www.ibm.com/support/pages/node/588021\u003c/a\u003e\u003cbr\u003e"
                }
              ],
              "value": "IBM strongly recommends addressing the vulnerabilities now by upgrading.\n\nIBM Storage Protect Server Fixing Level  Platform  Remediation/Fix/Instructions 8.1.27  AIX Linux Windows  Instructions for downloading the update:  https://www.ibm.com/support/pages/node/588021"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "IBM Spectrum Protect Server authentication bypass",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2025-3319",
        "datePublished": "2025-06-20T14:50:45.991Z",
        "dateReserved": "2025-04-05T13:19:28.547Z",
        "dateUpdated": "2025-08-24T11:45:17.815Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-22496 (GCVE-0-2022-22496)

    Vulnerability from nvd – Published: 2022-06-30 16:25 – Updated: 2024-09-17 01:15
    VLAI
    Summary
    While a user account for the IBM Spectrum Protect Server 8.1.0.000 through 8.1.14 is being established, it may be configured to use SESSIONSECURITY=TRANSITIONAL. While in this mode, it may be susceptible to an offline dictionary attack. IBM X-Force ID: 226942.
    CWE
    • Obtain Information
    Assigner
    ibm
    References
    Impacted products
    Vendor Product Version
    IBM Spectrum Protect Server Affected: 8.1.0.000
    Affected: 8.1.14
    Create a notification for this product.
    Date Public
    2022-06-29 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T03:14:55.267Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.ibm.com/support/pages/node/6596881"
              },
              {
                "name": "ibm-spectrum-cve202222496-info-disc (226942)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/226942"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Spectrum Protect Server",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "8.1.0.000"
                },
                {
                  "status": "affected",
                  "version": "8.1.14"
                }
              ]
            }
          ],
          "datePublic": "2022-06-29T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "While a user account for the IBM Spectrum Protect Server 8.1.0.000 through 8.1.14 is being established, it may be configured to use SESSIONSECURITY=TRANSITIONAL. While in this mode, it may be susceptible to an offline dictionary attack. IBM X-Force ID: 226942."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "HIGH",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "exploitCodeMaturity": "UNPROVEN",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "remediationLevel": "OFFICIAL_FIX",
                "reportConfidence": "CONFIRMED",
                "scope": "UNCHANGED",
                "temporalScore": 4.6,
                "temporalSeverity": "MEDIUM",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/A:N/S:U/C:H/PR:N/I:N/AV:A/UI:N/AC:H/RC:C/E:U/RL:O",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Obtain Information",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-06-30T16:25:31.000Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.ibm.com/support/pages/node/6596881"
            },
            {
              "name": "ibm-spectrum-cve202222496-info-disc (226942)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/226942"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@us.ibm.com",
              "DATE_PUBLIC": "2022-06-29T00:00:00",
              "ID": "CVE-2022-22496",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Spectrum Protect Server",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "8.1.0.000"
                              },
                              {
                                "version_value": "8.1.14"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "IBM"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "While a user account for the IBM Spectrum Protect Server 8.1.0.000 through 8.1.14 is being established, it may be configured to use SESSIONSECURITY=TRANSITIONAL. While in this mode, it may be susceptible to an offline dictionary attack. IBM X-Force ID: 226942."
                }
              ]
            },
            "impact": {
              "cvssv3": {
                "BM": {
                  "A": "N",
                  "AC": "H",
                  "AV": "A",
                  "C": "H",
                  "I": "N",
                  "PR": "N",
                  "S": "U",
                  "UI": "N"
                },
                "TM": {
                  "E": "U",
                  "RC": "C",
                  "RL": "O"
                }
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Obtain Information"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.ibm.com/support/pages/node/6596881",
                  "refsource": "CONFIRM",
                  "title": "IBM Security Bulletin 6596881 (Spectrum Protect Server)",
                  "url": "https://www.ibm.com/support/pages/node/6596881"
                },
                {
                  "name": "ibm-spectrum-cve202222496-info-disc (226942)",
                  "refsource": "XF",
                  "title": "X-Force Vulnerability Report",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/226942"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2022-22496",
        "datePublished": "2022-06-30T16:25:31.669Z",
        "dateReserved": "2022-01-03T00:00:00.000Z",
        "dateUpdated": "2024-09-17T01:15:47.167Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-22487 (GCVE-0-2022-22487)

    Vulnerability from nvd – Published: 2022-06-30 16:25 – Updated: 2024-09-16 20:07
    VLAI
    Summary
    An IBM Spectrum Protect storage agent could allow a remote attacker to perform a brute force attack by allowing unlimited attempts to login to the storage agent without locking the administrative ID. A remote attacker could exploit this vulnerability using brute force techniques to gain unauthorized administrative access to both the IBM Spectrum Protect storage agent and the IBM Spectrum Protect Server 8.1.0.000 through 8.1.14 with which it communicates. IBM X-Force ID: 226326.
    CWE
    • Obtain Information
    Assigner
    ibm
    References
    Impacted products
    Vendor Product Version
    IBM Spectrum Protect Server Affected: 8.1.0.000
    Affected: 8.1.14
    Create a notification for this product.
    Date Public
    2022-06-29 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T03:14:55.322Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.ibm.com/support/pages/node/6596881"
              },
              {
                "name": "ibm-spectrum-cve202222487-info-disc (226326)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/226326"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Spectrum Protect Server",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "8.1.0.000"
                },
                {
                  "status": "affected",
                  "version": "8.1.14"
                }
              ]
            }
          ],
          "datePublic": "2022-06-29T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "An IBM Spectrum Protect storage agent could allow a remote attacker to perform a brute force attack by allowing unlimited attempts to login to the storage agent without locking the administrative ID. A remote attacker could exploit this vulnerability using brute force techniques to gain unauthorized administrative access to both the IBM Spectrum Protect storage agent and the IBM Spectrum Protect Server 8.1.0.000 through 8.1.14 with which it communicates. IBM X-Force ID: 226326."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "exploitCodeMaturity": "UNPROVEN",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "remediationLevel": "OFFICIAL_FIX",
                "reportConfidence": "CONFIRMED",
                "scope": "UNCHANGED",
                "temporalScore": 5.2,
                "temporalSeverity": "MEDIUM",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/S:U/A:N/AV:N/AC:H/UI:N/PR:N/I:N/C:H/RL:O/RC:C/E:U",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Obtain Information",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-06-30T16:25:26.000Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.ibm.com/support/pages/node/6596881"
            },
            {
              "name": "ibm-spectrum-cve202222487-info-disc (226326)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/226326"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@us.ibm.com",
              "DATE_PUBLIC": "2022-06-29T00:00:00",
              "ID": "CVE-2022-22487",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Spectrum Protect Server",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "8.1.0.000"
                              },
                              {
                                "version_value": "8.1.14"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "IBM"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An IBM Spectrum Protect storage agent could allow a remote attacker to perform a brute force attack by allowing unlimited attempts to login to the storage agent without locking the administrative ID. A remote attacker could exploit this vulnerability using brute force techniques to gain unauthorized administrative access to both the IBM Spectrum Protect storage agent and the IBM Spectrum Protect Server 8.1.0.000 through 8.1.14 with which it communicates. IBM X-Force ID: 226326."
                }
              ]
            },
            "impact": {
              "cvssv3": {
                "BM": {
                  "A": "N",
                  "AC": "H",
                  "AV": "N",
                  "C": "H",
                  "I": "N",
                  "PR": "N",
                  "S": "U",
                  "UI": "N"
                },
                "TM": {
                  "E": "U",
                  "RC": "C",
                  "RL": "O"
                }
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Obtain Information"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.ibm.com/support/pages/node/6596881",
                  "refsource": "CONFIRM",
                  "title": "IBM Security Bulletin 6596881 (Spectrum Protect Server)",
                  "url": "https://www.ibm.com/support/pages/node/6596881"
                },
                {
                  "name": "ibm-spectrum-cve202222487-info-disc (226326)",
                  "refsource": "XF",
                  "title": "X-Force Vulnerability Report",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/226326"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2022-22487",
        "datePublished": "2022-06-30T16:25:26.688Z",
        "dateReserved": "2022-01-03T00:00:00.000Z",
        "dateUpdated": "2024-09-16T20:07:36.798Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-4591 (GCVE-0-2020-4591)

    Vulnerability from nvd – Published: 2020-08-28 14:35 – Updated: 2024-09-17 00:02
    VLAI
    Summary
    IBM Spectrum Protect Server 8.1.0.000 through 8.1.10.000 could disclose sensitive information in nondefault settings due to occasionally not encrypting the second chunk of an object in an encrypted container pool. IBM X-Force ID: 184746.
    CWE
    • Obtain Information
    Assigner
    ibm
    References
    Impacted products
    Vendor Product Version
    IBM Spectrum Protect Server Affected: 8.1.0.000
    Affected: 8.1.10.000
    Create a notification for this product.
    Date Public
    2020-08-27 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T08:07:48.963Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.ibm.com/support/pages/node/6323765"
              },
              {
                "name": "ibm-spectrum-cve20204591-info-disc (184746)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/184746"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Spectrum Protect Server",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "8.1.0.000"
                },
                {
                  "status": "affected",
                  "version": "8.1.10.000"
                }
              ]
            }
          ],
          "datePublic": "2020-08-27T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "IBM Spectrum Protect Server 8.1.0.000 through 8.1.10.000 could disclose sensitive information in nondefault settings due to occasionally not encrypting the second chunk of an object in an encrypted container pool. IBM X-Force ID: 184746."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 2.9,
                "baseSeverity": "LOW",
                "confidentialityImpact": "LOW",
                "exploitCodeMaturity": "UNPROVEN",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "remediationLevel": "OFFICIAL_FIX",
                "reportConfidence": "CONFIRMED",
                "scope": "UNCHANGED",
                "temporalScore": 2.6,
                "temporalSeverity": "LOW",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/A:N/AC:H/C:L/S:U/AV:L/I:N/PR:N/UI:N/E:U/RC:C/RL:O",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Obtain Information",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-08-28T14:35:20.000Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.ibm.com/support/pages/node/6323765"
            },
            {
              "name": "ibm-spectrum-cve20204591-info-disc (184746)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/184746"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@us.ibm.com",
              "DATE_PUBLIC": "2020-08-27T00:00:00",
              "ID": "CVE-2020-4591",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Spectrum Protect Server",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "8.1.0.000"
                              },
                              {
                                "version_value": "8.1.10.000"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "IBM"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "IBM Spectrum Protect Server 8.1.0.000 through 8.1.10.000 could disclose sensitive information in nondefault settings due to occasionally not encrypting the second chunk of an object in an encrypted container pool. IBM X-Force ID: 184746."
                }
              ]
            },
            "impact": {
              "cvssv3": {
                "BM": {
                  "A": "N",
                  "AC": "H",
                  "AV": "L",
                  "C": "L",
                  "I": "N",
                  "PR": "N",
                  "S": "U",
                  "UI": "N"
                },
                "TM": {
                  "E": "U",
                  "RC": "C",
                  "RL": "O"
                }
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Obtain Information"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.ibm.com/support/pages/node/6323765",
                  "refsource": "CONFIRM",
                  "title": "IBM Security Bulletin 6323765 (Spectrum Protect Server)",
                  "url": "https://www.ibm.com/support/pages/node/6323765"
                },
                {
                  "name": "ibm-spectrum-cve20204591-info-disc (184746)",
                  "refsource": "XF",
                  "title": "X-Force Vulnerability Report",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/184746"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2020-4591",
        "datePublished": "2020-08-28T14:35:20.547Z",
        "dateReserved": "2019-12-30T00:00:00.000Z",
        "dateUpdated": "2024-09-17T00:02:30.204Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-1788 (GCVE-0-2018-1788)

    Vulnerability from nvd – Published: 2018-11-02 15:00 – Updated: 2024-09-16 22:09
    VLAI
    Summary
    IBM Spectrum Protect Server 7.1 and 8.1 could disclose highly sensitive information via trace logs to a local privileged user. IBM X-Force ID: 148873.
    CWE
    • Obtain Information
    Assigner
    ibm
    References
    Impacted products
    Vendor Product Version
    IBM Spectrum Protect Affected: 7.1
    Affected: 8.1
    Create a notification for this product.
    Date Public
    2018-10-31 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T04:07:44.300Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "ibm-tivoli-cve20181788-info-disc(148873)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/148873"
              },
              {
                "name": "105818",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/105818"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.ibm.com/support/docview.wss?uid=ibm10730357"
              },
              {
                "name": "1042032",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1042032"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Spectrum Protect",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "7.1"
                },
                {
                  "status": "affected",
                  "version": "8.1"
                }
              ]
            }
          ],
          "datePublic": "2018-10-31T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "IBM Spectrum Protect Server 7.1 and 8.1 could disclose highly sensitive information via trace logs to a local privileged user. IBM X-Force ID: 148873."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 4.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "exploitCodeMaturity": "UNPROVEN",
                "integrityImpact": "NONE",
                "privilegesRequired": "HIGH",
                "remediationLevel": "OFFICIAL_FIX",
                "reportConfidence": "CONFIRMED",
                "scope": "UNCHANGED",
                "temporalScore": 3.6,
                "temporalSeverity": "LOW",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/A:N/AC:H/AV:L/C:H/I:N/PR:H/S:U/UI:N/E:U/RC:C/RL:O",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Obtain Information",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-11-09T10:57:01.000Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "name": "ibm-tivoli-cve20181788-info-disc(148873)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/148873"
            },
            {
              "name": "105818",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/105818"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.ibm.com/support/docview.wss?uid=ibm10730357"
            },
            {
              "name": "1042032",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1042032"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@us.ibm.com",
              "DATE_PUBLIC": "2018-10-31T00:00:00",
              "ID": "CVE-2018-1788",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Spectrum Protect",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "7.1"
                              },
                              {
                                "version_value": "8.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "IBM"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "IBM Spectrum Protect Server 7.1 and 8.1 could disclose highly sensitive information via trace logs to a local privileged user. IBM X-Force ID: 148873."
                }
              ]
            },
            "impact": {
              "cvssv3": {
                "BM": {
                  "A": "N",
                  "AC": "H",
                  "AV": "L",
                  "C": "H",
                  "I": "N",
                  "PR": "H",
                  "S": "U",
                  "UI": "N"
                },
                "TM": {
                  "E": "U",
                  "RC": "C",
                  "RL": "O"
                }
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Obtain Information"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "ibm-tivoli-cve20181788-info-disc(148873)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/148873"
                },
                {
                  "name": "105818",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/105818"
                },
                {
                  "name": "http://www.ibm.com/support/docview.wss?uid=ibm10730357",
                  "refsource": "CONFIRM",
                  "url": "http://www.ibm.com/support/docview.wss?uid=ibm10730357"
                },
                {
                  "name": "1042032",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1042032"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2018-1788",
        "datePublished": "2018-11-02T15:00:00.000Z",
        "dateReserved": "2017-12-13T00:00:00.000Z",
        "dateUpdated": "2024-09-16T22:09:38.555Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-3319 (GCVE-0-2025-3319)

    Vulnerability from cvelistv5 – Published: 2025-06-20 14:50 – Updated: 2025-08-24 11:45
    VLAI
    Title
    IBM Spectrum Protect Server authentication bypass
    Summary
    IBM Spectrum Protect Server 8.1 through 8.1.26 could allow attacker to bypass authentication due to improper session authentication which can result in access to unauthorized resources.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-306 - Missing Authentication for Critical Function
    Assigner
    ibm
    References
    URL Tags
    https://www.ibm.com/support/pages/node/7236999 vendor-advisorypatch
    Impacted products
    Vendor Product Version
    IBM Spectrum Protect Server Affected: 8.1 , ≤ 8.1.26 (semver)
        cpe:2.3:a:ibm:storage_protect_backup_archive_client:8.1.0.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:storage_protect_backup_archive_client:8.1.26.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-3319",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-06-23T20:46:06.907141Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-06-23T20:46:18.164Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:storage_protect_backup_archive_client:8.1.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:storage_protect_backup_archive_client:8.1.26.0:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "Spectrum Protect Server",
              "vendor": "IBM",
              "versions": [
                {
                  "lessThanOrEqual": "8.1.26",
                  "status": "affected",
                  "version": "8.1",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "IBM Spectrum Protect Server 8.1 through 8.1.26 could allow attacker to bypass authentication due to improper session authentication which can result in access to unauthorized resources."
                }
              ],
              "value": "IBM Spectrum Protect Server 8.1 through 8.1.26 could allow attacker to bypass authentication due to improper session authentication which can result in access to unauthorized resources."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-306",
                  "description": "CWE-306 Missing Authentication for Critical Function",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-08-24T11:45:17.815Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://www.ibm.com/support/pages/node/7236999"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "IBM strongly recommends addressing the vulnerabilities now by upgrading.\u003cbr\u003e\u003cbr\u003eIBM Storage Protect Server Fixing Level  Platform  Remediation/Fix/Instructions 8.1.27  AIX Linux Windows  Instructions for downloading the update: \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/support/pages/node/588021\"\u003ehttps://www.ibm.com/support/pages/node/588021\u003c/a\u003e\u003cbr\u003e"
                }
              ],
              "value": "IBM strongly recommends addressing the vulnerabilities now by upgrading.\n\nIBM Storage Protect Server Fixing Level  Platform  Remediation/Fix/Instructions 8.1.27  AIX Linux Windows  Instructions for downloading the update:  https://www.ibm.com/support/pages/node/588021"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "IBM Spectrum Protect Server authentication bypass",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2025-3319",
        "datePublished": "2025-06-20T14:50:45.991Z",
        "dateReserved": "2025-04-05T13:19:28.547Z",
        "dateUpdated": "2025-08-24T11:45:17.815Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-22496 (GCVE-0-2022-22496)

    Vulnerability from cvelistv5 – Published: 2022-06-30 16:25 – Updated: 2024-09-17 01:15
    VLAI
    Summary
    While a user account for the IBM Spectrum Protect Server 8.1.0.000 through 8.1.14 is being established, it may be configured to use SESSIONSECURITY=TRANSITIONAL. While in this mode, it may be susceptible to an offline dictionary attack. IBM X-Force ID: 226942.
    CWE
    • Obtain Information
    Assigner
    ibm
    References
    Impacted products
    Vendor Product Version
    IBM Spectrum Protect Server Affected: 8.1.0.000
    Affected: 8.1.14
    Create a notification for this product.
    Date Public
    2022-06-29 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T03:14:55.267Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.ibm.com/support/pages/node/6596881"
              },
              {
                "name": "ibm-spectrum-cve202222496-info-disc (226942)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/226942"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Spectrum Protect Server",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "8.1.0.000"
                },
                {
                  "status": "affected",
                  "version": "8.1.14"
                }
              ]
            }
          ],
          "datePublic": "2022-06-29T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "While a user account for the IBM Spectrum Protect Server 8.1.0.000 through 8.1.14 is being established, it may be configured to use SESSIONSECURITY=TRANSITIONAL. While in this mode, it may be susceptible to an offline dictionary attack. IBM X-Force ID: 226942."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "HIGH",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "exploitCodeMaturity": "UNPROVEN",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "remediationLevel": "OFFICIAL_FIX",
                "reportConfidence": "CONFIRMED",
                "scope": "UNCHANGED",
                "temporalScore": 4.6,
                "temporalSeverity": "MEDIUM",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/A:N/S:U/C:H/PR:N/I:N/AV:A/UI:N/AC:H/RC:C/E:U/RL:O",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Obtain Information",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-06-30T16:25:31.000Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.ibm.com/support/pages/node/6596881"
            },
            {
              "name": "ibm-spectrum-cve202222496-info-disc (226942)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/226942"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@us.ibm.com",
              "DATE_PUBLIC": "2022-06-29T00:00:00",
              "ID": "CVE-2022-22496",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Spectrum Protect Server",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "8.1.0.000"
                              },
                              {
                                "version_value": "8.1.14"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "IBM"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "While a user account for the IBM Spectrum Protect Server 8.1.0.000 through 8.1.14 is being established, it may be configured to use SESSIONSECURITY=TRANSITIONAL. While in this mode, it may be susceptible to an offline dictionary attack. IBM X-Force ID: 226942."
                }
              ]
            },
            "impact": {
              "cvssv3": {
                "BM": {
                  "A": "N",
                  "AC": "H",
                  "AV": "A",
                  "C": "H",
                  "I": "N",
                  "PR": "N",
                  "S": "U",
                  "UI": "N"
                },
                "TM": {
                  "E": "U",
                  "RC": "C",
                  "RL": "O"
                }
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Obtain Information"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.ibm.com/support/pages/node/6596881",
                  "refsource": "CONFIRM",
                  "title": "IBM Security Bulletin 6596881 (Spectrum Protect Server)",
                  "url": "https://www.ibm.com/support/pages/node/6596881"
                },
                {
                  "name": "ibm-spectrum-cve202222496-info-disc (226942)",
                  "refsource": "XF",
                  "title": "X-Force Vulnerability Report",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/226942"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2022-22496",
        "datePublished": "2022-06-30T16:25:31.669Z",
        "dateReserved": "2022-01-03T00:00:00.000Z",
        "dateUpdated": "2024-09-17T01:15:47.167Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-22487 (GCVE-0-2022-22487)

    Vulnerability from cvelistv5 – Published: 2022-06-30 16:25 – Updated: 2024-09-16 20:07
    VLAI
    Summary
    An IBM Spectrum Protect storage agent could allow a remote attacker to perform a brute force attack by allowing unlimited attempts to login to the storage agent without locking the administrative ID. A remote attacker could exploit this vulnerability using brute force techniques to gain unauthorized administrative access to both the IBM Spectrum Protect storage agent and the IBM Spectrum Protect Server 8.1.0.000 through 8.1.14 with which it communicates. IBM X-Force ID: 226326.
    CWE
    • Obtain Information
    Assigner
    ibm
    References
    Impacted products
    Vendor Product Version
    IBM Spectrum Protect Server Affected: 8.1.0.000
    Affected: 8.1.14
    Create a notification for this product.
    Date Public
    2022-06-29 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T03:14:55.322Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.ibm.com/support/pages/node/6596881"
              },
              {
                "name": "ibm-spectrum-cve202222487-info-disc (226326)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/226326"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Spectrum Protect Server",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "8.1.0.000"
                },
                {
                  "status": "affected",
                  "version": "8.1.14"
                }
              ]
            }
          ],
          "datePublic": "2022-06-29T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "An IBM Spectrum Protect storage agent could allow a remote attacker to perform a brute force attack by allowing unlimited attempts to login to the storage agent without locking the administrative ID. A remote attacker could exploit this vulnerability using brute force techniques to gain unauthorized administrative access to both the IBM Spectrum Protect storage agent and the IBM Spectrum Protect Server 8.1.0.000 through 8.1.14 with which it communicates. IBM X-Force ID: 226326."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "exploitCodeMaturity": "UNPROVEN",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "remediationLevel": "OFFICIAL_FIX",
                "reportConfidence": "CONFIRMED",
                "scope": "UNCHANGED",
                "temporalScore": 5.2,
                "temporalSeverity": "MEDIUM",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/S:U/A:N/AV:N/AC:H/UI:N/PR:N/I:N/C:H/RL:O/RC:C/E:U",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Obtain Information",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-06-30T16:25:26.000Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.ibm.com/support/pages/node/6596881"
            },
            {
              "name": "ibm-spectrum-cve202222487-info-disc (226326)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/226326"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@us.ibm.com",
              "DATE_PUBLIC": "2022-06-29T00:00:00",
              "ID": "CVE-2022-22487",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Spectrum Protect Server",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "8.1.0.000"
                              },
                              {
                                "version_value": "8.1.14"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "IBM"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An IBM Spectrum Protect storage agent could allow a remote attacker to perform a brute force attack by allowing unlimited attempts to login to the storage agent without locking the administrative ID. A remote attacker could exploit this vulnerability using brute force techniques to gain unauthorized administrative access to both the IBM Spectrum Protect storage agent and the IBM Spectrum Protect Server 8.1.0.000 through 8.1.14 with which it communicates. IBM X-Force ID: 226326."
                }
              ]
            },
            "impact": {
              "cvssv3": {
                "BM": {
                  "A": "N",
                  "AC": "H",
                  "AV": "N",
                  "C": "H",
                  "I": "N",
                  "PR": "N",
                  "S": "U",
                  "UI": "N"
                },
                "TM": {
                  "E": "U",
                  "RC": "C",
                  "RL": "O"
                }
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Obtain Information"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.ibm.com/support/pages/node/6596881",
                  "refsource": "CONFIRM",
                  "title": "IBM Security Bulletin 6596881 (Spectrum Protect Server)",
                  "url": "https://www.ibm.com/support/pages/node/6596881"
                },
                {
                  "name": "ibm-spectrum-cve202222487-info-disc (226326)",
                  "refsource": "XF",
                  "title": "X-Force Vulnerability Report",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/226326"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2022-22487",
        "datePublished": "2022-06-30T16:25:26.688Z",
        "dateReserved": "2022-01-03T00:00:00.000Z",
        "dateUpdated": "2024-09-16T20:07:36.798Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-4591 (GCVE-0-2020-4591)

    Vulnerability from cvelistv5 – Published: 2020-08-28 14:35 – Updated: 2024-09-17 00:02
    VLAI
    Summary
    IBM Spectrum Protect Server 8.1.0.000 through 8.1.10.000 could disclose sensitive information in nondefault settings due to occasionally not encrypting the second chunk of an object in an encrypted container pool. IBM X-Force ID: 184746.
    CWE
    • Obtain Information
    Assigner
    ibm
    References
    Impacted products
    Vendor Product Version
    IBM Spectrum Protect Server Affected: 8.1.0.000
    Affected: 8.1.10.000
    Create a notification for this product.
    Date Public
    2020-08-27 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T08:07:48.963Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.ibm.com/support/pages/node/6323765"
              },
              {
                "name": "ibm-spectrum-cve20204591-info-disc (184746)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/184746"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Spectrum Protect Server",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "8.1.0.000"
                },
                {
                  "status": "affected",
                  "version": "8.1.10.000"
                }
              ]
            }
          ],
          "datePublic": "2020-08-27T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "IBM Spectrum Protect Server 8.1.0.000 through 8.1.10.000 could disclose sensitive information in nondefault settings due to occasionally not encrypting the second chunk of an object in an encrypted container pool. IBM X-Force ID: 184746."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 2.9,
                "baseSeverity": "LOW",
                "confidentialityImpact": "LOW",
                "exploitCodeMaturity": "UNPROVEN",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "remediationLevel": "OFFICIAL_FIX",
                "reportConfidence": "CONFIRMED",
                "scope": "UNCHANGED",
                "temporalScore": 2.6,
                "temporalSeverity": "LOW",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/A:N/AC:H/C:L/S:U/AV:L/I:N/PR:N/UI:N/E:U/RC:C/RL:O",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Obtain Information",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-08-28T14:35:20.000Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.ibm.com/support/pages/node/6323765"
            },
            {
              "name": "ibm-spectrum-cve20204591-info-disc (184746)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/184746"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@us.ibm.com",
              "DATE_PUBLIC": "2020-08-27T00:00:00",
              "ID": "CVE-2020-4591",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Spectrum Protect Server",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "8.1.0.000"
                              },
                              {
                                "version_value": "8.1.10.000"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "IBM"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "IBM Spectrum Protect Server 8.1.0.000 through 8.1.10.000 could disclose sensitive information in nondefault settings due to occasionally not encrypting the second chunk of an object in an encrypted container pool. IBM X-Force ID: 184746."
                }
              ]
            },
            "impact": {
              "cvssv3": {
                "BM": {
                  "A": "N",
                  "AC": "H",
                  "AV": "L",
                  "C": "L",
                  "I": "N",
                  "PR": "N",
                  "S": "U",
                  "UI": "N"
                },
                "TM": {
                  "E": "U",
                  "RC": "C",
                  "RL": "O"
                }
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Obtain Information"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.ibm.com/support/pages/node/6323765",
                  "refsource": "CONFIRM",
                  "title": "IBM Security Bulletin 6323765 (Spectrum Protect Server)",
                  "url": "https://www.ibm.com/support/pages/node/6323765"
                },
                {
                  "name": "ibm-spectrum-cve20204591-info-disc (184746)",
                  "refsource": "XF",
                  "title": "X-Force Vulnerability Report",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/184746"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2020-4591",
        "datePublished": "2020-08-28T14:35:20.547Z",
        "dateReserved": "2019-12-30T00:00:00.000Z",
        "dateUpdated": "2024-09-17T00:02:30.204Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-1788 (GCVE-0-2018-1788)

    Vulnerability from cvelistv5 – Published: 2018-11-02 15:00 – Updated: 2024-09-16 22:09
    VLAI
    Summary
    IBM Spectrum Protect Server 7.1 and 8.1 could disclose highly sensitive information via trace logs to a local privileged user. IBM X-Force ID: 148873.
    CWE
    • Obtain Information
    Assigner
    ibm
    References
    Impacted products
    Vendor Product Version
    IBM Spectrum Protect Affected: 7.1
    Affected: 8.1
    Create a notification for this product.
    Date Public
    2018-10-31 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T04:07:44.300Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "ibm-tivoli-cve20181788-info-disc(148873)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/148873"
              },
              {
                "name": "105818",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/105818"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.ibm.com/support/docview.wss?uid=ibm10730357"
              },
              {
                "name": "1042032",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1042032"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Spectrum Protect",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "7.1"
                },
                {
                  "status": "affected",
                  "version": "8.1"
                }
              ]
            }
          ],
          "datePublic": "2018-10-31T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "IBM Spectrum Protect Server 7.1 and 8.1 could disclose highly sensitive information via trace logs to a local privileged user. IBM X-Force ID: 148873."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 4.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "exploitCodeMaturity": "UNPROVEN",
                "integrityImpact": "NONE",
                "privilegesRequired": "HIGH",
                "remediationLevel": "OFFICIAL_FIX",
                "reportConfidence": "CONFIRMED",
                "scope": "UNCHANGED",
                "temporalScore": 3.6,
                "temporalSeverity": "LOW",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/A:N/AC:H/AV:L/C:H/I:N/PR:H/S:U/UI:N/E:U/RC:C/RL:O",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Obtain Information",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-11-09T10:57:01.000Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "name": "ibm-tivoli-cve20181788-info-disc(148873)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/148873"
            },
            {
              "name": "105818",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/105818"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.ibm.com/support/docview.wss?uid=ibm10730357"
            },
            {
              "name": "1042032",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1042032"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@us.ibm.com",
              "DATE_PUBLIC": "2018-10-31T00:00:00",
              "ID": "CVE-2018-1788",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Spectrum Protect",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "7.1"
                              },
                              {
                                "version_value": "8.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "IBM"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "IBM Spectrum Protect Server 7.1 and 8.1 could disclose highly sensitive information via trace logs to a local privileged user. IBM X-Force ID: 148873."
                }
              ]
            },
            "impact": {
              "cvssv3": {
                "BM": {
                  "A": "N",
                  "AC": "H",
                  "AV": "L",
                  "C": "H",
                  "I": "N",
                  "PR": "H",
                  "S": "U",
                  "UI": "N"
                },
                "TM": {
                  "E": "U",
                  "RC": "C",
                  "RL": "O"
                }
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Obtain Information"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "ibm-tivoli-cve20181788-info-disc(148873)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/148873"
                },
                {
                  "name": "105818",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/105818"
                },
                {
                  "name": "http://www.ibm.com/support/docview.wss?uid=ibm10730357",
                  "refsource": "CONFIRM",
                  "url": "http://www.ibm.com/support/docview.wss?uid=ibm10730357"
                },
                {
                  "name": "1042032",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1042032"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2018-1788",
        "datePublished": "2018-11-02T15:00:00.000Z",
        "dateReserved": "2017-12-13T00:00:00.000Z",
        "dateUpdated": "2024-09-16T22:09:38.555Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }