CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-22312 – IBM Storage Defender - Resiliency Service information disclosure
https://notcve.org/view.php?id=CVE-2024-22312
IBM Storage Defender - Resiliency Service 2.0 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 278748. IBM Storage Defender - Resiliency Service 2.0 almacena las credenciales de usuario en texto plano que puede ser leído por un usuario local. ID de IBM X-Force: 278748. • https://exchange.xforce.ibmcloud.com/vulnerabilities/278748 https://www.ibm.com/support/pages/node/7115261 • CWE-256: Plaintext Storage of a Password CWE-522: Insufficiently Protected Credentials •
CVSS: 8.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-50957 – IBM Storage Defender - Resiliency Service privilege escalation
https://notcve.org/view.php?id=CVE-2023-50957
IBM Storage Defender - Resiliency Service 2.0 could allow a privileged user to perform unauthorized actions after obtaining encrypted data from clear text key storage. IBM X-Force ID: 275783. IBM Storage Defender - Resiliency Service 2.0 podría permitir a un usuario privilegiado realizar acciones no autorizadas después de obtener datos cifrados del almacenamiento de claves de texto plano. ID de IBM X-Force: 275783. • https://exchange.xforce.ibmcloud.com/vulnerabilities/275783 https://www.ibm.com/support/pages/node/7115261 • CWE-269: Improper Privilege Management CWE-312: Cleartext Storage of Sensitive Information •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-50963 – IBM Storage Defender HTTP HOST header injection
https://notcve.org/view.php?id=CVE-2023-50963
IBM Storage Defender - Data Protect 1.0.0 through 1.4.1 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 276101. IBM Storage Defender - Data Protect 1.0.0 a 1.4.1 es vulnerable a la inyección de encabezados HTTP, causada por una validación incorrecta de la entrada por parte de los encabezados HOST. Esto podría permitir que un atacante realice varios ataques contra el sistema vulnerable, incluido cross-site scripting, envenenamiento de caché o secuestro de sesión. • https://exchange.xforce.ibmcloud.com/vulnerabilities/276101 https://www.ibm.com/support/pages/node/7106918 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •