Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
14 vulnerabilities found for Spectrum Protect Server by IBM
CVE-2025-3319 (GCVE-0-2025-3319)
Vulnerability from cvelistv5 – Published: 2025-06-20 14:50 – Updated: 2025-08-24 11:45
VLAI
Title
IBM Spectrum Protect Server authentication bypass
Summary
IBM Spectrum Protect Server 8.1 through 8.1.26 could allow attacker to bypass authentication due to improper session authentication which can result in access to unauthorized resources.
Severity
8.1 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-306 - Missing Authentication for Critical Function
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.ibm.com/support/pages/node/7236999 | vendor-advisorypatch |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| IBM | Spectrum Protect Server |
Affected:
8.1 , ≤ 8.1.26
(semver)
cpe:2.3:a:ibm:storage_protect_backup_archive_client:8.1.0.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:storage_protect_backup_archive_client:8.1.26.0:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-3319",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-23T20:46:06.907141Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-23T20:46:18.164Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:storage_protect_backup_archive_client:8.1.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:storage_protect_backup_archive_client:8.1.26.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Spectrum Protect Server",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "8.1.26",
"status": "affected",
"version": "8.1",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM Spectrum Protect Server 8.1 through 8.1.26 could allow attacker to bypass authentication due to improper session authentication which can result in access to unauthorized resources."
}
],
"value": "IBM Spectrum Protect Server 8.1 through 8.1.26 could allow attacker to bypass authentication due to improper session authentication which can result in access to unauthorized resources."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306 Missing Authentication for Critical Function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-24T11:45:17.815Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7236999"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM strongly recommends addressing the vulnerabilities now by upgrading.\u003cbr\u003e\u003cbr\u003eIBM Storage Protect Server Fixing Level Platform Remediation/Fix/Instructions 8.1.27 AIX Linux Windows Instructions for downloading the update: \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/support/pages/node/588021\"\u003ehttps://www.ibm.com/support/pages/node/588021\u003c/a\u003e\u003cbr\u003e"
}
],
"value": "IBM strongly recommends addressing the vulnerabilities now by upgrading.\n\nIBM Storage Protect Server Fixing Level Platform Remediation/Fix/Instructions 8.1.27 AIX Linux Windows Instructions for downloading the update: https://www.ibm.com/support/pages/node/588021"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Spectrum Protect Server authentication bypass",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2025-3319",
"datePublished": "2025-06-20T14:50:45.991Z",
"dateReserved": "2025-04-05T13:19:28.547Z",
"dateUpdated": "2025-08-24T11:45:17.815Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-22496 (GCVE-0-2022-22496)
Vulnerability from cvelistv5 – Published: 2022-06-30 16:25 – Updated: 2024-09-17 01:15
VLAI
Summary
While a user account for the IBM Spectrum Protect Server 8.1.0.000 through 8.1.14 is being established, it may be configured to use SESSIONSECURITY=TRANSITIONAL. While in this mode, it may be susceptible to an offline dictionary attack. IBM X-Force ID: 226942.
Severity
CWE
- Obtain Information
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.ibm.com/support/pages/node/6596881 | x_refsource_CONFIRM |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| IBM | Spectrum Protect Server |
Affected:
8.1.0.000
Affected: 8.1.14 |
Date Public
2022-06-29 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:14:55.267Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/6596881"
},
{
"name": "ibm-spectrum-cve202222496-info-disc (226942)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/226942"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Spectrum Protect Server",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "8.1.0.000"
},
{
"status": "affected",
"version": "8.1.14"
}
]
}
],
"datePublic": "2022-06-29T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "While a user account for the IBM Spectrum Protect Server 8.1.0.000 through 8.1.14 is being established, it may be configured to use SESSIONSECURITY=TRANSITIONAL. While in this mode, it may be susceptible to an offline dictionary attack. IBM X-Force ID: 226942."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 4.6,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/A:N/S:U/C:H/PR:N/I:N/AV:A/UI:N/AC:H/RC:C/E:U/RL:O",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Obtain Information",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-30T16:25:31.000Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/pages/node/6596881"
},
{
"name": "ibm-spectrum-cve202222496-info-disc (226942)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/226942"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2022-06-29T00:00:00",
"ID": "CVE-2022-22496",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Spectrum Protect Server",
"version": {
"version_data": [
{
"version_value": "8.1.0.000"
},
{
"version_value": "8.1.14"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "While a user account for the IBM Spectrum Protect Server 8.1.0.000 through 8.1.14 is being established, it may be configured to use SESSIONSECURITY=TRANSITIONAL. While in this mode, it may be susceptible to an offline dictionary attack. IBM X-Force ID: 226942."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "H",
"AV": "A",
"C": "H",
"I": "N",
"PR": "N",
"S": "U",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/6596881",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 6596881 (Spectrum Protect Server)",
"url": "https://www.ibm.com/support/pages/node/6596881"
},
{
"name": "ibm-spectrum-cve202222496-info-disc (226942)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/226942"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2022-22496",
"datePublished": "2022-06-30T16:25:31.669Z",
"dateReserved": "2022-01-03T00:00:00.000Z",
"dateUpdated": "2024-09-17T01:15:47.167Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-22487 (GCVE-0-2022-22487)
Vulnerability from cvelistv5 – Published: 2022-06-30 16:25 – Updated: 2024-09-16 20:07
VLAI
Summary
An IBM Spectrum Protect storage agent could allow a remote attacker to perform a brute force attack by allowing unlimited attempts to login to the storage agent without locking the administrative ID. A remote attacker could exploit this vulnerability using brute force techniques to gain unauthorized administrative access to both the IBM Spectrum Protect storage agent and the IBM Spectrum Protect Server 8.1.0.000 through 8.1.14 with which it communicates. IBM X-Force ID: 226326.
Severity
CWE
- Obtain Information
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.ibm.com/support/pages/node/6596881 | x_refsource_CONFIRM |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| IBM | Spectrum Protect Server |
Affected:
8.1.0.000
Affected: 8.1.14 |
Date Public
2022-06-29 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:14:55.322Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/6596881"
},
{
"name": "ibm-spectrum-cve202222487-info-disc (226326)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/226326"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Spectrum Protect Server",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "8.1.0.000"
},
{
"status": "affected",
"version": "8.1.14"
}
]
}
],
"datePublic": "2022-06-29T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An IBM Spectrum Protect storage agent could allow a remote attacker to perform a brute force attack by allowing unlimited attempts to login to the storage agent without locking the administrative ID. A remote attacker could exploit this vulnerability using brute force techniques to gain unauthorized administrative access to both the IBM Spectrum Protect storage agent and the IBM Spectrum Protect Server 8.1.0.000 through 8.1.14 with which it communicates. IBM X-Force ID: 226326."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 5.2,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/S:U/A:N/AV:N/AC:H/UI:N/PR:N/I:N/C:H/RL:O/RC:C/E:U",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Obtain Information",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-30T16:25:26.000Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/pages/node/6596881"
},
{
"name": "ibm-spectrum-cve202222487-info-disc (226326)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/226326"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2022-06-29T00:00:00",
"ID": "CVE-2022-22487",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Spectrum Protect Server",
"version": {
"version_data": [
{
"version_value": "8.1.0.000"
},
{
"version_value": "8.1.14"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An IBM Spectrum Protect storage agent could allow a remote attacker to perform a brute force attack by allowing unlimited attempts to login to the storage agent without locking the administrative ID. A remote attacker could exploit this vulnerability using brute force techniques to gain unauthorized administrative access to both the IBM Spectrum Protect storage agent and the IBM Spectrum Protect Server 8.1.0.000 through 8.1.14 with which it communicates. IBM X-Force ID: 226326."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "H",
"AV": "N",
"C": "H",
"I": "N",
"PR": "N",
"S": "U",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/6596881",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 6596881 (Spectrum Protect Server)",
"url": "https://www.ibm.com/support/pages/node/6596881"
},
{
"name": "ibm-spectrum-cve202222487-info-disc (226326)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/226326"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2022-22487",
"datePublished": "2022-06-30T16:25:26.688Z",
"dateReserved": "2022-01-03T00:00:00.000Z",
"dateUpdated": "2024-09-16T20:07:36.798Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-22485 (GCVE-0-2022-22485)
Vulnerability from cvelistv5 – Published: 2022-06-17 15:20 – Updated: 2024-09-17 00:10
VLAI
Summary
In some cases, an unsuccessful attempt to log into IBM Spectrum Protect Operations Center 8.1.0.000 through 8.1.14.000 does not cause the administrator's invalid sign-on count to be incremented on the IBM Spectrum Protect Server. An attacker could exploit this vulnerability using brute force techniques to gain unauthorized administrative access to the IBM Spectrum Protect Server. IBM X-Force ID: 226325.
Severity
CWE
- Obtain Information
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.ibm.com/support/pages/node/6595655 | x_refsource_CONFIRM |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| IBM | Spectrum Protect Server |
Affected:
8.1.0.000
Affected: 8.1.14.000 |
Date Public
2022-06-16 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:14:55.375Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/6595655"
},
{
"name": "ibm-spectrum-cve202222485-info-disc (226325)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/226325"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Spectrum Protect Server",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "8.1.0.000"
},
{
"status": "affected",
"version": "8.1.14.000"
}
]
}
],
"datePublic": "2022-06-16T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "In some cases, an unsuccessful attempt to log into IBM Spectrum Protect Operations Center 8.1.0.000 through 8.1.14.000 does not cause the administrator\u0027s invalid sign-on count to be incremented on the IBM Spectrum Protect Server. An attacker could exploit this vulnerability using brute force techniques to gain unauthorized administrative access to the IBM Spectrum Protect Server. IBM X-Force ID: 226325."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 5.2,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AC:H/S:U/UI:N/AV:N/A:N/I:N/C:H/PR:N/RC:C/RL:O/E:U",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Obtain Information",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-17T15:20:14.000Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/pages/node/6595655"
},
{
"name": "ibm-spectrum-cve202222485-info-disc (226325)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/226325"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2022-06-16T00:00:00",
"ID": "CVE-2022-22485",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Spectrum Protect Server",
"version": {
"version_data": [
{
"version_value": "8.1.0.000"
},
{
"version_value": "8.1.14.000"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In some cases, an unsuccessful attempt to log into IBM Spectrum Protect Operations Center 8.1.0.000 through 8.1.14.000 does not cause the administrator\u0027s invalid sign-on count to be incremented on the IBM Spectrum Protect Server. An attacker could exploit this vulnerability using brute force techniques to gain unauthorized administrative access to the IBM Spectrum Protect Server. IBM X-Force ID: 226325."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "H",
"AV": "N",
"C": "H",
"I": "N",
"PR": "N",
"S": "U",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/6595655",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 6595655 (Spectrum Protect Server)",
"url": "https://www.ibm.com/support/pages/node/6595655"
},
{
"name": "ibm-spectrum-cve202222485-info-disc (226325)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/226325"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2022-22485",
"datePublished": "2022-06-17T15:20:14.355Z",
"dateReserved": "2022-01-03T00:00:00.000Z",
"dateUpdated": "2024-09-17T00:10:27.350Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-22394 (GCVE-0-2022-22394)
Vulnerability from cvelistv5 – Published: 2022-03-21 16:20 – Updated: 2024-09-16 17:24
VLAI
Summary
The IBM Spectrum Protect 8.1.14.000 server could allow a remote attacker to bypass security restrictions, caused by improper enforcement of access controls. By signing in, an attacker could exploit this vulnerability to bypass security and gain unauthorized administrator or node access to the vulnerable server.
Severity
CWE
- Gain Privileges
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.ibm.com/support/pages/node/6564745 | x_refsource_CONFIRM |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| IBM | Spectrum Protect Server |
Affected:
8.1.14.000
|
Date Public
2022-03-18 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:14:55.124Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/6564745"
},
{
"name": "ibm-spectrum-cve202222394-priv-esc (222147)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/222147"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Spectrum Protect Server",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "8.1.14.000"
}
]
}
],
"datePublic": "2022-03-18T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The IBM Spectrum Protect 8.1.14.000 server could allow a remote attacker to bypass security restrictions, caused by improper enforcement of access controls. By signing in, an attacker could exploit this vulnerability to bypass security and gain unauthorized administrator or node access to the vulnerable server."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 6.5,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/C:H/UI:N/I:H/AV:N/PR:L/AC:H/A:H/S:U/E:U/RL:O/RC:C",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Gain Privileges",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-21T16:20:14.000Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/pages/node/6564745"
},
{
"name": "ibm-spectrum-cve202222394-priv-esc (222147)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/222147"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2022-03-18T00:00:00",
"ID": "CVE-2022-22394",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Spectrum Protect Server",
"version": {
"version_data": [
{
"version_value": "8.1.14.000"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The IBM Spectrum Protect 8.1.14.000 server could allow a remote attacker to bypass security restrictions, caused by improper enforcement of access controls. By signing in, an attacker could exploit this vulnerability to bypass security and gain unauthorized administrator or node access to the vulnerable server."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "H",
"AC": "H",
"AV": "N",
"C": "H",
"I": "H",
"PR": "L",
"S": "U",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Gain Privileges"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/6564745",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 6564745 (Spectrum Protect Server)",
"url": "https://www.ibm.com/support/pages/node/6564745"
},
{
"name": "ibm-spectrum-cve202222394-priv-esc (222147)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/222147"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2022-22394",
"datePublished": "2022-03-21T16:20:14.517Z",
"dateReserved": "2022-01-03T00:00:00.000Z",
"dateUpdated": "2024-09-16T17:24:06.828Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-20491 (GCVE-0-2021-20491)
Vulnerability from cvelistv5 – Published: 2021-04-16 15:40 – Updated: 2024-09-16 19:15
VLAI
Summary
IBM Spectrum Protect Server 7.1 and 8.1 is subject to a stack-based buffer overflow caused by improper bounds checking during the parsing of commands. By issuing such a command with an improper parameter, an authorized administrator could overflow a buffer and cause the server to crash. IBM X-Force ID: 197792.
Severity
CWE
- Denial of Service
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.ibm.com/support/pages/node/6442993 | x_refsource_CONFIRM |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| IBM | Spectrum Protect Server |
Affected:
8.1
Affected: 7.1 |
Date Public
2021-04-15 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:45:44.408Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/6442993"
},
{
"name": "ibm-spectrum-cve202120491-dos (197792)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/197792"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Spectrum Protect Server",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "8.1"
},
{
"status": "affected",
"version": "7.1"
}
]
}
],
"datePublic": "2021-04-15T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "IBM Spectrum Protect Server 7.1 and 8.1 is subject to a stack-based buffer overflow caused by improper bounds checking during the parsing of commands. By issuing such a command with an improper parameter, an authorized administrator could overflow a buffer and cause the server to crash. IBM X-Force ID: 197792."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 3.9,
"temporalSeverity": "LOW",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/I:N/A:H/UI:N/C:N/S:U/AV:L/AC:L/PR:H/RL:O/E:U/RC:C",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial of Service",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-16T15:40:15.000Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/pages/node/6442993"
},
{
"name": "ibm-spectrum-cve202120491-dos (197792)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/197792"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2021-04-15T00:00:00",
"ID": "CVE-2021-20491",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Spectrum Protect Server",
"version": {
"version_data": [
{
"version_value": "8.1"
},
{
"version_value": "7.1"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Spectrum Protect Server 7.1 and 8.1 is subject to a stack-based buffer overflow caused by improper bounds checking during the parsing of commands. By issuing such a command with an improper parameter, an authorized administrator could overflow a buffer and cause the server to crash. IBM X-Force ID: 197792."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "H",
"AC": "L",
"AV": "L",
"C": "N",
"I": "N",
"PR": "H",
"S": "U",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/6442993",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 6442993 (Spectrum Protect Server)",
"url": "https://www.ibm.com/support/pages/node/6442993"
},
{
"name": "ibm-spectrum-cve202120491-dos (197792)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/197792"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2021-20491",
"datePublished": "2021-04-16T15:40:15.491Z",
"dateReserved": "2020-12-17T00:00:00.000Z",
"dateUpdated": "2024-09-16T19:15:42.203Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-4591 (GCVE-0-2020-4591)
Vulnerability from cvelistv5 – Published: 2020-08-28 14:35 – Updated: 2024-09-17 00:02
VLAI
Summary
IBM Spectrum Protect Server 8.1.0.000 through 8.1.10.000 could disclose sensitive information in nondefault settings due to occasionally not encrypting the second chunk of an object in an encrypted container pool. IBM X-Force ID: 184746.
Severity
CWE
- Obtain Information
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.ibm.com/support/pages/node/6323765 | x_refsource_CONFIRM |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| IBM | Spectrum Protect Server |
Affected:
8.1.0.000
Affected: 8.1.10.000 |
Date Public
2020-08-27 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:07:48.963Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/6323765"
},
{
"name": "ibm-spectrum-cve20204591-info-disc (184746)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/184746"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Spectrum Protect Server",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "8.1.0.000"
},
{
"status": "affected",
"version": "8.1.10.000"
}
]
}
],
"datePublic": "2020-08-27T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "IBM Spectrum Protect Server 8.1.0.000 through 8.1.10.000 could disclose sensitive information in nondefault settings due to occasionally not encrypting the second chunk of an object in an encrypted container pool. IBM X-Force ID: 184746."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 2.9,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 2.6,
"temporalSeverity": "LOW",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/A:N/AC:H/C:L/S:U/AV:L/I:N/PR:N/UI:N/E:U/RC:C/RL:O",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Obtain Information",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-08-28T14:35:20.000Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/pages/node/6323765"
},
{
"name": "ibm-spectrum-cve20204591-info-disc (184746)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/184746"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2020-08-27T00:00:00",
"ID": "CVE-2020-4591",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Spectrum Protect Server",
"version": {
"version_data": [
{
"version_value": "8.1.0.000"
},
{
"version_value": "8.1.10.000"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Spectrum Protect Server 8.1.0.000 through 8.1.10.000 could disclose sensitive information in nondefault settings due to occasionally not encrypting the second chunk of an object in an encrypted container pool. IBM X-Force ID: 184746."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "H",
"AV": "L",
"C": "L",
"I": "N",
"PR": "N",
"S": "U",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/6323765",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 6323765 (Spectrum Protect Server)",
"url": "https://www.ibm.com/support/pages/node/6323765"
},
{
"name": "ibm-spectrum-cve20204591-info-disc (184746)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/184746"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2020-4591",
"datePublished": "2020-08-28T14:35:20.547Z",
"dateReserved": "2019-12-30T00:00:00.000Z",
"dateUpdated": "2024-09-17T00:02:30.204Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-3319 (GCVE-0-2025-3319)
Vulnerability from nvd – Published: 2025-06-20 14:50 – Updated: 2025-08-24 11:45
VLAI
Title
IBM Spectrum Protect Server authentication bypass
Summary
IBM Spectrum Protect Server 8.1 through 8.1.26 could allow attacker to bypass authentication due to improper session authentication which can result in access to unauthorized resources.
Severity
8.1 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-306 - Missing Authentication for Critical Function
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.ibm.com/support/pages/node/7236999 | vendor-advisorypatch |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| IBM | Spectrum Protect Server |
Affected:
8.1 , ≤ 8.1.26
(semver)
cpe:2.3:a:ibm:storage_protect_backup_archive_client:8.1.0.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:storage_protect_backup_archive_client:8.1.26.0:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-3319",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-23T20:46:06.907141Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-23T20:46:18.164Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:storage_protect_backup_archive_client:8.1.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:storage_protect_backup_archive_client:8.1.26.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Spectrum Protect Server",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "8.1.26",
"status": "affected",
"version": "8.1",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM Spectrum Protect Server 8.1 through 8.1.26 could allow attacker to bypass authentication due to improper session authentication which can result in access to unauthorized resources."
}
],
"value": "IBM Spectrum Protect Server 8.1 through 8.1.26 could allow attacker to bypass authentication due to improper session authentication which can result in access to unauthorized resources."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306 Missing Authentication for Critical Function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-24T11:45:17.815Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7236999"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM strongly recommends addressing the vulnerabilities now by upgrading.\u003cbr\u003e\u003cbr\u003eIBM Storage Protect Server Fixing Level Platform Remediation/Fix/Instructions 8.1.27 AIX Linux Windows Instructions for downloading the update: \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/support/pages/node/588021\"\u003ehttps://www.ibm.com/support/pages/node/588021\u003c/a\u003e\u003cbr\u003e"
}
],
"value": "IBM strongly recommends addressing the vulnerabilities now by upgrading.\n\nIBM Storage Protect Server Fixing Level Platform Remediation/Fix/Instructions 8.1.27 AIX Linux Windows Instructions for downloading the update: https://www.ibm.com/support/pages/node/588021"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Spectrum Protect Server authentication bypass",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2025-3319",
"datePublished": "2025-06-20T14:50:45.991Z",
"dateReserved": "2025-04-05T13:19:28.547Z",
"dateUpdated": "2025-08-24T11:45:17.815Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-22496 (GCVE-0-2022-22496)
Vulnerability from nvd – Published: 2022-06-30 16:25 – Updated: 2024-09-17 01:15
VLAI
Summary
While a user account for the IBM Spectrum Protect Server 8.1.0.000 through 8.1.14 is being established, it may be configured to use SESSIONSECURITY=TRANSITIONAL. While in this mode, it may be susceptible to an offline dictionary attack. IBM X-Force ID: 226942.
Severity
CWE
- Obtain Information
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.ibm.com/support/pages/node/6596881 | x_refsource_CONFIRM |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| IBM | Spectrum Protect Server |
Affected:
8.1.0.000
Affected: 8.1.14 |
Date Public
2022-06-29 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:14:55.267Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/6596881"
},
{
"name": "ibm-spectrum-cve202222496-info-disc (226942)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/226942"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Spectrum Protect Server",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "8.1.0.000"
},
{
"status": "affected",
"version": "8.1.14"
}
]
}
],
"datePublic": "2022-06-29T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "While a user account for the IBM Spectrum Protect Server 8.1.0.000 through 8.1.14 is being established, it may be configured to use SESSIONSECURITY=TRANSITIONAL. While in this mode, it may be susceptible to an offline dictionary attack. IBM X-Force ID: 226942."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 4.6,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/A:N/S:U/C:H/PR:N/I:N/AV:A/UI:N/AC:H/RC:C/E:U/RL:O",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Obtain Information",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-30T16:25:31.000Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/pages/node/6596881"
},
{
"name": "ibm-spectrum-cve202222496-info-disc (226942)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/226942"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2022-06-29T00:00:00",
"ID": "CVE-2022-22496",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Spectrum Protect Server",
"version": {
"version_data": [
{
"version_value": "8.1.0.000"
},
{
"version_value": "8.1.14"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "While a user account for the IBM Spectrum Protect Server 8.1.0.000 through 8.1.14 is being established, it may be configured to use SESSIONSECURITY=TRANSITIONAL. While in this mode, it may be susceptible to an offline dictionary attack. IBM X-Force ID: 226942."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "H",
"AV": "A",
"C": "H",
"I": "N",
"PR": "N",
"S": "U",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/6596881",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 6596881 (Spectrum Protect Server)",
"url": "https://www.ibm.com/support/pages/node/6596881"
},
{
"name": "ibm-spectrum-cve202222496-info-disc (226942)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/226942"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2022-22496",
"datePublished": "2022-06-30T16:25:31.669Z",
"dateReserved": "2022-01-03T00:00:00.000Z",
"dateUpdated": "2024-09-17T01:15:47.167Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-22487 (GCVE-0-2022-22487)
Vulnerability from nvd – Published: 2022-06-30 16:25 – Updated: 2024-09-16 20:07
VLAI
Summary
An IBM Spectrum Protect storage agent could allow a remote attacker to perform a brute force attack by allowing unlimited attempts to login to the storage agent without locking the administrative ID. A remote attacker could exploit this vulnerability using brute force techniques to gain unauthorized administrative access to both the IBM Spectrum Protect storage agent and the IBM Spectrum Protect Server 8.1.0.000 through 8.1.14 with which it communicates. IBM X-Force ID: 226326.
Severity
CWE
- Obtain Information
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.ibm.com/support/pages/node/6596881 | x_refsource_CONFIRM |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| IBM | Spectrum Protect Server |
Affected:
8.1.0.000
Affected: 8.1.14 |
Date Public
2022-06-29 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:14:55.322Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/6596881"
},
{
"name": "ibm-spectrum-cve202222487-info-disc (226326)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/226326"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Spectrum Protect Server",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "8.1.0.000"
},
{
"status": "affected",
"version": "8.1.14"
}
]
}
],
"datePublic": "2022-06-29T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An IBM Spectrum Protect storage agent could allow a remote attacker to perform a brute force attack by allowing unlimited attempts to login to the storage agent without locking the administrative ID. A remote attacker could exploit this vulnerability using brute force techniques to gain unauthorized administrative access to both the IBM Spectrum Protect storage agent and the IBM Spectrum Protect Server 8.1.0.000 through 8.1.14 with which it communicates. IBM X-Force ID: 226326."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 5.2,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/S:U/A:N/AV:N/AC:H/UI:N/PR:N/I:N/C:H/RL:O/RC:C/E:U",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Obtain Information",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-30T16:25:26.000Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/pages/node/6596881"
},
{
"name": "ibm-spectrum-cve202222487-info-disc (226326)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/226326"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2022-06-29T00:00:00",
"ID": "CVE-2022-22487",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Spectrum Protect Server",
"version": {
"version_data": [
{
"version_value": "8.1.0.000"
},
{
"version_value": "8.1.14"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An IBM Spectrum Protect storage agent could allow a remote attacker to perform a brute force attack by allowing unlimited attempts to login to the storage agent without locking the administrative ID. A remote attacker could exploit this vulnerability using brute force techniques to gain unauthorized administrative access to both the IBM Spectrum Protect storage agent and the IBM Spectrum Protect Server 8.1.0.000 through 8.1.14 with which it communicates. IBM X-Force ID: 226326."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "H",
"AV": "N",
"C": "H",
"I": "N",
"PR": "N",
"S": "U",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/6596881",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 6596881 (Spectrum Protect Server)",
"url": "https://www.ibm.com/support/pages/node/6596881"
},
{
"name": "ibm-spectrum-cve202222487-info-disc (226326)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/226326"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2022-22487",
"datePublished": "2022-06-30T16:25:26.688Z",
"dateReserved": "2022-01-03T00:00:00.000Z",
"dateUpdated": "2024-09-16T20:07:36.798Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-22485 (GCVE-0-2022-22485)
Vulnerability from nvd – Published: 2022-06-17 15:20 – Updated: 2024-09-17 00:10
VLAI
Summary
In some cases, an unsuccessful attempt to log into IBM Spectrum Protect Operations Center 8.1.0.000 through 8.1.14.000 does not cause the administrator's invalid sign-on count to be incremented on the IBM Spectrum Protect Server. An attacker could exploit this vulnerability using brute force techniques to gain unauthorized administrative access to the IBM Spectrum Protect Server. IBM X-Force ID: 226325.
Severity
CWE
- Obtain Information
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.ibm.com/support/pages/node/6595655 | x_refsource_CONFIRM |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| IBM | Spectrum Protect Server |
Affected:
8.1.0.000
Affected: 8.1.14.000 |
Date Public
2022-06-16 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:14:55.375Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/6595655"
},
{
"name": "ibm-spectrum-cve202222485-info-disc (226325)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/226325"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Spectrum Protect Server",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "8.1.0.000"
},
{
"status": "affected",
"version": "8.1.14.000"
}
]
}
],
"datePublic": "2022-06-16T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "In some cases, an unsuccessful attempt to log into IBM Spectrum Protect Operations Center 8.1.0.000 through 8.1.14.000 does not cause the administrator\u0027s invalid sign-on count to be incremented on the IBM Spectrum Protect Server. An attacker could exploit this vulnerability using brute force techniques to gain unauthorized administrative access to the IBM Spectrum Protect Server. IBM X-Force ID: 226325."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 5.2,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AC:H/S:U/UI:N/AV:N/A:N/I:N/C:H/PR:N/RC:C/RL:O/E:U",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Obtain Information",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-17T15:20:14.000Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/pages/node/6595655"
},
{
"name": "ibm-spectrum-cve202222485-info-disc (226325)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/226325"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2022-06-16T00:00:00",
"ID": "CVE-2022-22485",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Spectrum Protect Server",
"version": {
"version_data": [
{
"version_value": "8.1.0.000"
},
{
"version_value": "8.1.14.000"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In some cases, an unsuccessful attempt to log into IBM Spectrum Protect Operations Center 8.1.0.000 through 8.1.14.000 does not cause the administrator\u0027s invalid sign-on count to be incremented on the IBM Spectrum Protect Server. An attacker could exploit this vulnerability using brute force techniques to gain unauthorized administrative access to the IBM Spectrum Protect Server. IBM X-Force ID: 226325."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "H",
"AV": "N",
"C": "H",
"I": "N",
"PR": "N",
"S": "U",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/6595655",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 6595655 (Spectrum Protect Server)",
"url": "https://www.ibm.com/support/pages/node/6595655"
},
{
"name": "ibm-spectrum-cve202222485-info-disc (226325)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/226325"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2022-22485",
"datePublished": "2022-06-17T15:20:14.355Z",
"dateReserved": "2022-01-03T00:00:00.000Z",
"dateUpdated": "2024-09-17T00:10:27.350Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-22394 (GCVE-0-2022-22394)
Vulnerability from nvd – Published: 2022-03-21 16:20 – Updated: 2024-09-16 17:24
VLAI
Summary
The IBM Spectrum Protect 8.1.14.000 server could allow a remote attacker to bypass security restrictions, caused by improper enforcement of access controls. By signing in, an attacker could exploit this vulnerability to bypass security and gain unauthorized administrator or node access to the vulnerable server.
Severity
CWE
- Gain Privileges
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.ibm.com/support/pages/node/6564745 | x_refsource_CONFIRM |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| IBM | Spectrum Protect Server |
Affected:
8.1.14.000
|
Date Public
2022-03-18 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:14:55.124Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/6564745"
},
{
"name": "ibm-spectrum-cve202222394-priv-esc (222147)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/222147"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Spectrum Protect Server",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "8.1.14.000"
}
]
}
],
"datePublic": "2022-03-18T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The IBM Spectrum Protect 8.1.14.000 server could allow a remote attacker to bypass security restrictions, caused by improper enforcement of access controls. By signing in, an attacker could exploit this vulnerability to bypass security and gain unauthorized administrator or node access to the vulnerable server."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 6.5,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/C:H/UI:N/I:H/AV:N/PR:L/AC:H/A:H/S:U/E:U/RL:O/RC:C",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Gain Privileges",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-21T16:20:14.000Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/pages/node/6564745"
},
{
"name": "ibm-spectrum-cve202222394-priv-esc (222147)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/222147"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2022-03-18T00:00:00",
"ID": "CVE-2022-22394",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Spectrum Protect Server",
"version": {
"version_data": [
{
"version_value": "8.1.14.000"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The IBM Spectrum Protect 8.1.14.000 server could allow a remote attacker to bypass security restrictions, caused by improper enforcement of access controls. By signing in, an attacker could exploit this vulnerability to bypass security and gain unauthorized administrator or node access to the vulnerable server."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "H",
"AC": "H",
"AV": "N",
"C": "H",
"I": "H",
"PR": "L",
"S": "U",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Gain Privileges"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/6564745",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 6564745 (Spectrum Protect Server)",
"url": "https://www.ibm.com/support/pages/node/6564745"
},
{
"name": "ibm-spectrum-cve202222394-priv-esc (222147)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/222147"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2022-22394",
"datePublished": "2022-03-21T16:20:14.517Z",
"dateReserved": "2022-01-03T00:00:00.000Z",
"dateUpdated": "2024-09-16T17:24:06.828Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-20491 (GCVE-0-2021-20491)
Vulnerability from nvd – Published: 2021-04-16 15:40 – Updated: 2024-09-16 19:15
VLAI
Summary
IBM Spectrum Protect Server 7.1 and 8.1 is subject to a stack-based buffer overflow caused by improper bounds checking during the parsing of commands. By issuing such a command with an improper parameter, an authorized administrator could overflow a buffer and cause the server to crash. IBM X-Force ID: 197792.
Severity
CWE
- Denial of Service
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.ibm.com/support/pages/node/6442993 | x_refsource_CONFIRM |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| IBM | Spectrum Protect Server |
Affected:
8.1
Affected: 7.1 |
Date Public
2021-04-15 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:45:44.408Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/6442993"
},
{
"name": "ibm-spectrum-cve202120491-dos (197792)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/197792"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Spectrum Protect Server",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "8.1"
},
{
"status": "affected",
"version": "7.1"
}
]
}
],
"datePublic": "2021-04-15T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "IBM Spectrum Protect Server 7.1 and 8.1 is subject to a stack-based buffer overflow caused by improper bounds checking during the parsing of commands. By issuing such a command with an improper parameter, an authorized administrator could overflow a buffer and cause the server to crash. IBM X-Force ID: 197792."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 3.9,
"temporalSeverity": "LOW",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/I:N/A:H/UI:N/C:N/S:U/AV:L/AC:L/PR:H/RL:O/E:U/RC:C",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial of Service",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-16T15:40:15.000Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/pages/node/6442993"
},
{
"name": "ibm-spectrum-cve202120491-dos (197792)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/197792"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2021-04-15T00:00:00",
"ID": "CVE-2021-20491",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Spectrum Protect Server",
"version": {
"version_data": [
{
"version_value": "8.1"
},
{
"version_value": "7.1"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Spectrum Protect Server 7.1 and 8.1 is subject to a stack-based buffer overflow caused by improper bounds checking during the parsing of commands. By issuing such a command with an improper parameter, an authorized administrator could overflow a buffer and cause the server to crash. IBM X-Force ID: 197792."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "H",
"AC": "L",
"AV": "L",
"C": "N",
"I": "N",
"PR": "H",
"S": "U",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/6442993",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 6442993 (Spectrum Protect Server)",
"url": "https://www.ibm.com/support/pages/node/6442993"
},
{
"name": "ibm-spectrum-cve202120491-dos (197792)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/197792"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2021-20491",
"datePublished": "2021-04-16T15:40:15.491Z",
"dateReserved": "2020-12-17T00:00:00.000Z",
"dateUpdated": "2024-09-16T19:15:42.203Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-4591 (GCVE-0-2020-4591)
Vulnerability from nvd – Published: 2020-08-28 14:35 – Updated: 2024-09-17 00:02
VLAI
Summary
IBM Spectrum Protect Server 8.1.0.000 through 8.1.10.000 could disclose sensitive information in nondefault settings due to occasionally not encrypting the second chunk of an object in an encrypted container pool. IBM X-Force ID: 184746.
Severity
CWE
- Obtain Information
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.ibm.com/support/pages/node/6323765 | x_refsource_CONFIRM |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| IBM | Spectrum Protect Server |
Affected:
8.1.0.000
Affected: 8.1.10.000 |
Date Public
2020-08-27 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:07:48.963Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/6323765"
},
{
"name": "ibm-spectrum-cve20204591-info-disc (184746)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/184746"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Spectrum Protect Server",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "8.1.0.000"
},
{
"status": "affected",
"version": "8.1.10.000"
}
]
}
],
"datePublic": "2020-08-27T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "IBM Spectrum Protect Server 8.1.0.000 through 8.1.10.000 could disclose sensitive information in nondefault settings due to occasionally not encrypting the second chunk of an object in an encrypted container pool. IBM X-Force ID: 184746."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 2.9,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 2.6,
"temporalSeverity": "LOW",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/A:N/AC:H/C:L/S:U/AV:L/I:N/PR:N/UI:N/E:U/RC:C/RL:O",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Obtain Information",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-08-28T14:35:20.000Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/pages/node/6323765"
},
{
"name": "ibm-spectrum-cve20204591-info-disc (184746)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/184746"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2020-08-27T00:00:00",
"ID": "CVE-2020-4591",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Spectrum Protect Server",
"version": {
"version_data": [
{
"version_value": "8.1.0.000"
},
{
"version_value": "8.1.10.000"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Spectrum Protect Server 8.1.0.000 through 8.1.10.000 could disclose sensitive information in nondefault settings due to occasionally not encrypting the second chunk of an object in an encrypted container pool. IBM X-Force ID: 184746."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "H",
"AV": "L",
"C": "L",
"I": "N",
"PR": "N",
"S": "U",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/6323765",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 6323765 (Spectrum Protect Server)",
"url": "https://www.ibm.com/support/pages/node/6323765"
},
{
"name": "ibm-spectrum-cve20204591-info-disc (184746)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/184746"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2020-4591",
"datePublished": "2020-08-28T14:35:20.547Z",
"dateReserved": "2019-12-30T00:00:00.000Z",
"dateUpdated": "2024-09-17T00:02:30.204Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}