IBM Spectrum Protect Server vulnerabilities

8 known vulnerabilities affecting ibm/spectrum_protect_server.

Total CVEs: 8
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 3, HIGH 1, MEDIUM 3, LOW 1

Vulnerabilities

CVE-2025-3319 | CRITICAL | CVSS 9.8 | ≥ 8.1.0.0, ≤ 8.1.26 | ≥ 8.1, ≤ 8.1.26 | 2025-06-20
CVE-2025-3319 [HIGH] CWE-306: IBM Spectrum Protect Server 8.1 through 8.1.26 could allow an attacker to bypass authentication due to improper session authentication, which can result in access to unauthorized resources.
cvelistv5, nvd
CVE-2022-22487 | CRITICAL | CVSS 9.8 | ≥ 8.1.0.000, ≤ 8.1.14 | v8.1.0.000 +1 more | 2022-06-30
CVE-2022-22487 [CRITICAL] CWE-307: An IBM Spectrum Protect storage agent could allow a remote attacker to perform a brute force attack by allowing unlimited attempts to log in to the storage agent without locking the administrative ID. A remote attacker could exploit this vulnerability using brute force techniques to gain unauthorized administrative access to both the IBM Spectrum Pr
cvelistv5, nvd
CVE-2022-22496 | MEDIUM | CVSS 6.5 | ≥ 8.1.0.000, ≤ 8.1.14 | v8.1.0.000 +1 more | 2022-06-30
CVE-2022-22496 [MEDIUM] CWE-307: While a user account for the IBM Spectrum Protect Server 8.1.0.000 through 8.1.14 is being established, it may be configured to use SESSIONSECURITY=TRANSITIONAL. While in this mode, it may be susceptible to an offline dictionary attack. IBM X-Force ID: 226942.
cvelistv5, nvd
CVE-2022-22485 | CRITICAL | CVSS 9.8 | v8.1.0.000, v8.1.14.000 | 2022-06-17
CVE-2022-22485 [CRITICAL] CWE-307: In some cases, an unsuccessful attempt to log into IBM Spectrum Protect Operations Center 8.1.0.000 through 8.1.14.000 does not cause the administrator's invalid sign-on count to be incremented on the IBM Spectrum Protect Server. An attacker could exploit this vulnerability using brute force techniques to gain unauthorized administrative access to
cvelistv5, nvd
CVE-2022-22394 | HIGH | CVSS 8.8 | v8.1.14.000 | 2022-03-21
CVE-2022-22394 [HIGH]: The IBM Spectrum Protect 8.1.14.000 server could allow a remote attacker to bypass security restrictions, caused by improper enforcement of access controls. By signing in, an attacker could exploit this vulnerability to bypass security and gain unauthorized administrator or node access to the vulnerable server.
cvelistv5, nvd
CVE-2021-20491 | MEDIUM | CVSS 4.4 | v8.1, v7.1 | 2021-04-16
CVE-2021-20491 [MEDIUM] CWE-787: IBM Spectrum Protect Server 7.1 and 8.1 is subject to a stack-based buffer overflow caused by improper bounds checking during the parsing of commands. By issuing such a command with an improper parameter, an authorized administrator could overflow a buffer and cause the server to crash. IBM X-Force ID: 197792.
cvelistv5, nvd
CVE-2020-4591 | LOW | CVSS 3.3 | ≥ 8.1.0.000, ≤ 8.1.10.000 | v8.1.0.000 +1 more | 2020-08-28
CVE-2020-4591 [LOW] CWE-311: IBM Spectrum Protect Server 8.1.0.000 through 8.1.10.000 could disclose sensitive information in nondefault settings due to occasionally not encrypting the second chunk of an object in an encrypted container pool. IBM X-Force ID: 184746.
cvelistv5, nvd
CVE-2018-1788 | MEDIUM | CVSS 4.4 | ≥ 7.1.0.0, ≤ 7.1.9.0 | ≥ 8.1.0.0, ≤ 8.1.5.100 | 2018-11-02
CVE-2018-1788 [MEDIUM] CWE-532: IBM Spectrum Protect Server 7.1 and 8.1 could disclose highly sensitive information via trace logs to a local privileged user. IBM X-Force ID: 148873.
nvd