
CVE-2024-22314 – IBM Storage Defender - Resiliency Service information disclosure
https://notcve.org/view.php?id=CVE-2024-22314
16 Apr 2025 — IBM Storage Defender - Resiliency Service 2.0.0 through 2.0.12 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. • https://www.ibm.com/support/pages/node/7229903 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •

CVE-2024-38325 – IBM Storage Defender information disclosure
https://notcve.org/view.php?id=CVE-2024-38325
27 Jan 2025 — IBM Storage Defender 2.0.0 through 2.0.7 on-prem defender-sensor-cmd CLI could allow a remote attacker to obtain sensitive information, caused by sending network requests over an insecure channel. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. • https://www.ibm.com/support/pages/node/7168640 • CWE-311: Missing Encryption of Sensitive Data •

CVE-2024-52361 – IBM Storage Defender - Resiliency Service information disclosure
https://notcve.org/view.php?id=CVE-2024-52361
18 Dec 2024 — IBM Storage Defender - Resiliency Service 2.0.0 through 2.0.9 stores user credentials in plain text which can be read by an authenticated user with access to the pod. • https://www.ibm.com/support/pages/node/7178587 • CWE-256: Plaintext Storage of a Password •

CVE-2023-50956 – IBM Storage Defender - Resiliency Service information disclosure
https://notcve.org/view.php?id=CVE-2023-50956
18 Dec 2024 — IBM Storage Defender - Resiliency Service 2.0.0 through 2.0.9 could allow a privileged user to obtain highly sensitive user credentials from secret keys that are stored in clear text. • https://www.ibm.com/support/pages/node/7178587 • CWE-256: Plaintext Storage of a Password •

CVE-2024-47119 – IBM Storage Defender - Resiliency Service improper certificate validation
https://notcve.org/view.php?id=CVE-2024-47119
18 Dec 2024 — IBM Storage Defender - Resiliency Service 2.0.0 through 2.0.9 does not properly validate a certificate which could allow an attacker to spoof a trusted entity by interfering in the communication path between the host and client. • https://www.ibm.com/support/pages/node/7178587 • CWE-295: Improper Certificate Validation •

CVE-2024-38324 – IBM Storage Defender improper certificate validation
https://notcve.org/view.php?id=CVE-2024-38324
24 Sep 2024 — IBM Storage Defender 2.0.0 through 2.0.7 on-prem defender-sensor-cmd CLI does not validate server name during registration and unregistration operations which could expose sensitive information to an attacker with access to the system. • https://www.ibm.com/support/pages/node/7168640 • CWE-297: Improper Validation of Certificate with Host Mismatch •

CVE-2024-38322 – IBM Storage Defender information disclosure
https://notcve.org/view.php?id=CVE-2024-38322
28 Jun 2024 — IBM Storage Defender - Resiliency Service 2.0.0 through 2.0.4 agent username and password error response discrepancy exposes product to brute force enumeration. IBM X-Force ID: 294869. • https://exchange.xforce.ibmcloud.com/vulnerabilities/294869 • CWE-204: Observable Response Discrepancy •

CVE-2024-25031 – IBM Storage Defender information disclosure
https://notcve.org/view.php?id=CVE-2024-25031
28 Jun 2024 — IBM Storage Defender - Resiliency Service 2.0.0 through 2.0.4 uses an inadequate account lockout setting that could allow an attacker on the network to brute force account credentials. IBM X-Force ID: 281678. • https://exchange.xforce.ibmcloud.com/vulnerabilities/281678 • CWE-307: Improper Restriction of Excessive Authentication Attempts •