| Max CVSS | 6.4 | Min CVSS | 2.1 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2020-5022 | 5.0 |
IBM Spectrum Protect Plus 10.1.0 through 10.1.6 may allow unauthenticated and unauthorized access to VDAP proxy which can result in an attacker obtaining information they are not authorized to access. IBM X-Force ID: 193658.
|
21-07-2021 - 11:39 | 08-01-2021 - 19:15 | |
| CVE-2020-5017 | 2.1 |
IBM Spectrum Protect Plus 10.1.0 through 10.1.6 may allow a local user to obtain access to information beyond their intended role and permissions. IBM X-Force ID: 193653.
|
21-07-2021 - 11:39 | 08-01-2021 - 19:15 | |
| CVE-2020-5018 | 5.0 |
IBM Spectrum Protect Plus 10.1.0 through 10.1.6 may include sensitive information in its URLs increasing the risk of such information being caputured by an attacker. IBM X-Force ID: 193654.
|
13-01-2021 - 18:17 | 08-01-2021 - 19:15 | |
| CVE-2020-5021 | 3.6 |
IBM Spectrum Protect Plus 10.1.0 through 10.1.6 does not invalidate session after a password reset which could allow a local user to impersonate another user on the system. IBM X-Force ID: 193657.
|
11-01-2021 - 20:05 | 08-01-2021 - 19:15 | |
| CVE-2020-5020 | 4.3 |
IBM Spectrum Protect Plus 10.1.0 through 10.1.6 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's
|
11-01-2021 - 20:04 | 08-01-2021 - 19:15 | |
| CVE-2020-5019 | 6.4 |
IBM Spectrum Protect Plus 10.1.0 through 10.1.6 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. By sending a specially crafted HTTP request, a remote attacker could exploit this vulnerability to inj
|
11-01-2021 - 20:03 | 08-01-2021 - 19:15 |