IBM Spectrum Protect

Do you want an email whenever new security vulnerabilities are reported in IBM Spectrum Protect?

By the Year

In 2024 there have been 0 vulnerabilities in IBM Spectrum Protect . Spectrum Protect did not have any published security vulnerabilities last year.

Year	Vulnerabilities	Average Score
2024	0	0.00
2023	0	0.00
2022	0	0.00
2021	1	4.40
2020	3	9.80
2019	3	6.43
2018	1	7.50

It may take a day or so for new Spectrum Protect vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.

Recent IBM Spectrum Protect Security Vulnerabilities

IBM Spectrum Protect Server 7.1 and 8.1 is subject to a stack-based buffer overflow caused by improper bounds checking during the parsing of commands

CVE-2021-20491 4.4 - Medium - April 16, 2021

IBM Spectrum Protect Server 7.1 and 8.1 is subject to a stack-based buffer overflow caused by improper bounds checking during the parsing of commands. By issuing such a command with an improper parameter, an authorized administrator could overflow a buffer and cause the server to crash. IBM X-Force ID: 197792.

Memory Corruption

IBM Spectrum Protect 7.1 and 8.1 server is vulnerable to a stack-based buffer overflow, caused by improper bounds checking

CVE-2020-4415 9.8 - Critical - April 23, 2020

IBM Spectrum Protect 7.1 and 8.1 server is vulnerable to a stack-based buffer overflow, caused by improper bounds checking. This could allow a remote attacker to execute arbitrary code on the system with the privileges of an administrator or user associated with the Spectrum Protect server or cause the Spectrum Protect server to crash. IBM X-Force ID: 179990.

Memory Corruption

IBM Spectrum Protect Plus 10.1.0 and 10.1.5 could allow a remote attacker to execute arbitrary code on the system

CVE-2020-4213 9.8 - Critical - February 24, 2020

IBM Spectrum Protect Plus 10.1.0 and 10.1.5 could allow a remote attacker to execute arbitrary code on the system. By using a specially crafted HTTP command, an attacker could exploit this vulnerability to execute arbitrary command on the system. IBM X-Force ID: 175024.

Shell injection

IBM Spectrum Protect Plus 10.1.0 and 10.1.5 could allow a remote attacker to execute arbitrary code on the system

CVE-2020-4222 9.8 - Critical - February 24, 2020

Shell injection

IBM Spectrum Protect Backup-Archive Client and IBM Spectrum Protect for Virtual Environments 7.1 and 8.1 creates directories/files in the CIT sub directory

CVE-2018-2025 4.4 - Medium - November 25, 2019

IBM Spectrum Protect Backup-Archive Client and IBM Spectrum Protect for Virtual Environments 7.1 and 8.1 creates directories/files in the CIT sub directory that are read/writable by everyone. IBM X-Force ID: 155551.

Incorrect Default Permissions

The IBM Spectrum Protect 7.1 and 8.1 Backup-Archive Client is vulnerable to a buffer overflow

CVE-2019-4267 7.8 - High - July 22, 2019

The IBM Spectrum Protect 7.1 and 8.1 Backup-Archive Client is vulnerable to a buffer overflow. This could allow execution of arbitrary code on the local system or the application to crash. IBM X-Force ID: 160200.

Buffer Overflow

IBM Tivoli Storage Manager Server (IBM Spectrum Protect 7.1 and 8.1) could

CVE-2019-4140 7.1 - High - July 02, 2019

IBM Tivoli Storage Manager Server (IBM Spectrum Protect 7.1 and 8.1) could allow a local user to replace existing databases by restoring old data. IBM X-Force ID: 158336.

Information Disclosure

IBM Spectrum Protect 7.1 and 8.1 dsmc and dsmcad processes incorrectly accumulate TCP/IP sockets in a CLOSE_WAIT state

CVE-2018-1786 7.5 - High - November 12, 2018

IBM Spectrum Protect 7.1 and 8.1 dsmc and dsmcad processes incorrectly accumulate TCP/IP sockets in a CLOSE_WAIT state. This can cause TCP/IP resource leakage and may result in a denial of service. IBM X-Force ID: 148871.

Resource Exhaustion

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for IBM Tivoli Storage Manager or by IBM? Click the Watch button to subscribe.

IBM
Vendor

IBM Spectrum Protect
Product

IBM Spectrum Protect

By the Year

Recent IBM Spectrum Protect Security Vulnerabilities

IBM Spectrum Protect Server 7.1 and 8.1 is subject to a stack-based buffer overflow caused by improper bounds checking during the parsing of commands CVE-2021-20491 4.4 - Medium - April 16, 2021

IBM Spectrum Protect 7.1 and 8.1 server is vulnerable to a stack-based buffer overflow, caused by improper bounds checking CVE-2020-4415 9.8 - Critical - April 23, 2020

IBM Spectrum Protect Plus 10.1.0 and 10.1.5 could allow a remote attacker to execute arbitrary code on the system CVE-2020-4213 9.8 - Critical - February 24, 2020

IBM Spectrum Protect Plus 10.1.0 and 10.1.5 could allow a remote attacker to execute arbitrary code on the system CVE-2020-4222 9.8 - Critical - February 24, 2020

IBM Spectrum Protect Backup-Archive Client and IBM Spectrum Protect for Virtual Environments 7.1 and 8.1 creates directories/files in the CIT sub directory CVE-2018-2025 4.4 - Medium - November 25, 2019

The IBM Spectrum Protect 7.1 and 8.1 Backup-Archive Client is vulnerable to a buffer overflow CVE-2019-4267 7.8 - High - July 22, 2019

IBM Tivoli Storage Manager Server (IBM Spectrum Protect 7.1 and 8.1) could CVE-2019-4140 7.1 - High - July 02, 2019

IBM Spectrum Protect 7.1 and 8.1 dsmc and dsmcad processes incorrectly accumulate TCP/IP sockets in a CLOSE_WAIT state CVE-2018-1786 7.5 - High - November 12, 2018