CVSS: 5.7EPSS: 0%CPEs: 1EXPL: 0CVE-2024-52361 – IBM Storage Defender - Resiliency Service information disclosure
https://notcve.org/view.php?id=CVE-2024-52361
IBM Storage Defender - Resiliency Service 2.0.0 through 2.0.9 stores user credentials in plain text which can be read by an authenticated user with access to the pod. • https://www.ibm.com/support/pages/node/7178587 • CWE-256: Plaintext Storage of a Password •
CVSS: 4.4EPSS: 0%CPEs: 1EXPL: 0CVE-2023-50956 – IBM Storage Defender - Resiliency Service information disclosure
https://notcve.org/view.php?id=CVE-2023-50956
IBM Storage Defender - Resiliency Service 2.0.0 through 2.0.9 could allow a privileged user to obtain highly sensitive user credentials from secret keys that are stored in clear text. • https://www.ibm.com/support/pages/node/7178587 • CWE-256: Plaintext Storage of a Password •
CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2024-47119 – IBM Storage Defender - Resiliency Service improper certificate validation
https://notcve.org/view.php?id=CVE-2024-47119
IBM Storage Defender - Resiliency Service 2.0.0 through 2.0.9 does not properly validate a certificate which could allow an attacker to spoof a trusted entity by interfering in the communication path between the host and client. • https://www.ibm.com/support/pages/node/7178587 • CWE-295: Improper Certificate Validation •
CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2024-38324 – IBM Storage Defender improper certificate validation
https://notcve.org/view.php?id=CVE-2024-38324
IBM Storage Defender 2.0.0 through 2.0.7 on-prem defender-sensor-cmd CLI does not validate server name during registration and unregistration operations which could expose sensitive information to an attacker with access to the system. • https://www.ibm.com/support/pages/node/7168640 • CWE-297: Improper Validation of Certificate with Host Mismatch •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-38322 – IBM Storage Defender information disclosure
https://notcve.org/view.php?id=CVE-2024-38322
IBM Storage Defender - Resiliency Service 2.0.0 through 2.0.4 agent username and password error response discrepancy exposes product to brute force enumeration. IBM X-Force ID: 294869. IBM Storage Defender - Resiliency Service 2.0.0 a 2.0.4 La discrepancia en la respuesta de error de nombre de usuario y contraseña del agente expone el producto a una enumeración de fuerza bruta. ID de IBM X-Force: 294869. • https://exchange.xforce.ibmcloud.com/vulnerabilities/294869 https://www.ibm.com/support/pages/node/7158446 • CWE-204: Observable Response Discrepancy •