8 results (0.011 seconds)

CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0

CVE-2024-38324 – IBM Storage Defender improper certificate validation

https://notcve.org/view.php?id=CVE-2024-38324

IBM Storage Defender 2.0.0 through 2.0.7 on-prem defender-sensor-cmd CLI does not validate server name during registration and unregistration operations which could expose sensitive information to an attacker with access to the system. • https://www.ibm.com/support/pages/node/7168640 • CWE-297: Improper Validation of Certificate with Host Mismatch •

CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0

CVE-2024-38322 – IBM Storage Defender information disclosure

https://notcve.org/view.php?id=CVE-2024-38322

IBM Storage Defender - Resiliency Service 2.0.0 through 2.0.4 agent username and password error response discrepancy exposes product to brute force enumeration. IBM X-Force ID: 294869. IBM Storage Defender - Resiliency Service 2.0.0 a 2.0.4 La discrepancia en la respuesta de error de nombre de usuario y contraseña del agente expone el producto a una enumeración de fuerza bruta. ID de IBM X-Force: 294869. • https://exchange.xforce.ibmcloud.com/vulnerabilities/294869 https://www.ibm.com/support/pages/node/7158446 • CWE-204: Observable Response Discrepancy •

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0

CVE-2024-25031 – IBM Storage Defender information disclosure

https://notcve.org/view.php?id=CVE-2024-25031

IBM Storage Defender - Resiliency Service 2.0.0 through 2.0.4 uses an inadequate account lockout setting that could allow an attacker on the network to brute force account credentials. IBM X-Force ID: 281678. IBM Storage Defender - Resiliency Service 2.0.0 a 2.0.4 utiliza una configuración de bloqueo de cuenta inadecuada que podría permitir a un atacante en la red utilizar fuerza bruta en las credenciales de la cuenta. ID de IBM X-Force: 281678. • https://exchange.xforce.ibmcloud.com/vulnerabilities/281678 https://www.ibm.com/support/pages/node/7158446 • CWE-307: Improper Restriction of Excessive Authentication Attempts •

CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0

CVE-2024-27261 – IBM Storage Defender - Resiliency Service privilege escalation

https://notcve.org/view.php?id=CVE-2024-27261

IBM Storage Defender - Resiliency Service 2.0.0 through 2.0.2 could allow a privileged user to install a potentially dangerous tar file, which could give them access to subsequent systems where the package was installed. IBM X-Force ID: 283986. IBM Storage Defender - Resiliency Service 2.0.0 a 2.0.2 podría permitir a un usuario privilegiado instalar un archivo tar potencialmente peligroso, lo que podría darle acceso a sistemas posteriores donde se instaló el paquete. ID de IBM X-Force: 283986. • https://exchange.xforce.ibmcloud.com/vulnerabilities/283986 https://www.ibm.com/support/pages/node/7148023 • CWE-749: Exposed Dangerous Method or Function •

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0

CVE-2024-22313 – IBM Storage Defender - Resiliency Service information disclosure

https://notcve.org/view.php?id=CVE-2024-22313

IBM Storage Defender - Resiliency Service 2.0 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 278749. IBM Storage Defender - Resiliency Service 2.0 contiene credenciales codificadas, como una contraseña o clave criptográfica, que utiliza para su propia autenticación entrante, comunicación saliente con componentes externos o cifrado de datos internos. ID de IBM X-Force: 278749. • https://exchange.xforce.ibmcloud.com/vulnerabilities/278749 https://www.ibm.com/support/pages/node/7115261 • CWE-798: Use of Hard-coded Credentials •