History: Sep 24, 2024 - 10:24 a.m.

CVE-2024-38324 IBM Storage Defender improper certificate validation

2024-09-24 10:24:43
CWE-297
ibm
www.cve.org
ibm
storage defender
certificate validation
sensitive information
attacker access

CVSS3: 5.9

Attack Vector: NETWORK
Attack Complexity: HIGH
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: NONE
Availability Impact: NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS: 0.001
Percentile: 37.6%

IBM Storage Defender 2.0.0 through 2.0.7 on-prem defender-sensor-cmd CLI does not validate server name during registration and unregistration operations which could expose sensitive information to an attacker with access to the system.

CNA Affected

[
  {
    "cpes": [
      "cpe:2.3:a:ibm:storage_defender_resiliency_service:2.0.0:*:*:*:*:*:*:*",
      "cpe:2.3:a:ibm:storage_defender_resiliency_service:2.0.7:*:*:*:*:*:*:*"
    ],
    "defaultStatus": "unaffected",
    "product": "Storage Defender - Resiliency Service",
    "vendor": "IBM",
    "versions": [
      {
        "lessThanOrEqual": "2.0.7",
        "status": "affected",
        "version": "2.0.0",
        "versionType": "semver"
      }
    ]
  }
]
