📦 Spectrum Protect Plus

IBM Spectrum Protect Plus versions 10.1.0.0 through 10.1.8.x have a CORS misconfiguration that allows attackers to perform privileged actions and access sensitive information. This affects all deploym...

IBM Spectrum Protect Plus versions 10.1.0 through 10.1.6 contain hard-coded credentials used for authentication and encryption. This allows attackers to gain unauthorized access to the system and pote...

IBM Spectrum Protect Plus versions 10.1.0.0 through 10.1.9.3 write credentials in clear text to virgo log files during certain operations. This exposes remote vSnap, offload targets, or VADP credentia...

This vulnerability allows attackers to perform Slowloris HTTP denial-of-service attacks against IBM Spectrum Protect Plus and IBM Spectrum Copy Data Management. By keeping HTTP connections open withou...

CVE-2021-39057 is a server-side request forgery (SSRF) vulnerability in IBM Spectrum Protect Plus that allows authenticated attackers to make unauthorized requests from the vulnerable server. This cou...

IBM Spectrum Protect Plus versions 10.1.0 through 10.1.7 use weak cryptographic algorithms, allowing attackers to decrypt sensitive information. This affects organizations using these versions for dat...