Lucene search

[email protected]CVE-2024-38322

HistoryJun 28, 2024 - 7:15 p.m.

CVE-2024-38322

2024-06-2819:15:06

CWE-204

[email protected]

web.nvd.nist.gov

ibm

storage defender

resiliency service

brute force enumeration

username and password

product vulnerability

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

5.3 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON

IBM Storage Defender - Resiliency Service 2.0.0 through 2.0.4 agent username and password error response discrepancy exposes product to brute force enumeration. IBM X-Force ID: 294869.

Affected configurations

Vulners

Node

ibmstorage_defender_resiliency_serviceRange2.0.0–2.0.4

CNA Affected

[
  {
    "cpes": [
      "cpe:2.3:a:ibm:storage_defender_resiliency_service:2.0.0:*:*:*:*:*:*:*",
      "cpe:2.3:a:ibm:storage_defender_resiliency_service:2.0.4:*:*:*:*:*:*:*"
    ],
    "defaultStatus": "unaffected",
    "product": "Storage Defender - Resiliency Service",
    "vendor": "IBM",
    "versions": [
      {
        "lessThanOrEqual": "2.0.4",
        "status": "affected",
        "version": "2.0.0",
        "versionType": "semver"
      }
    ]
  }
]

References

exchange.xforce.ibmcloud.com/vulnerabilities/294869

www.ibm.com/support/pages/node/7158446

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

5.3 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON

Related for CVE-2024-38322

nvd1 cvelist1 vulnrichment1 ibm1