Lucene search

[email protected]NVD:CVE-2024-38324

HistorySep 25, 2024 - 1:15 a.m.

CVE-2024-38324

2024-09-2501:15:40

CWE-297

[email protected]

web.nvd.nist.gov

ibm storage defender

validation

server name

registration

unregistration

sensitive information

attackers

CVSS3

5.9

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS

0.001

Percentile

37.6%

JSON

IBM Storage Defender 2.0.0 through 2.0.7 on-prem defender-sensor-cmd CLI does not validate server name during registration and unregistration operations which could expose sensitive information to an attacker with access to the system.

References

www.ibm.com/support/pages/node/7168640

CVSS3

5.9

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS

0.001

Percentile

37.6%

JSON

Related for NVD:CVE-2024-38324

vulnrichment1 cvelist1 cve1 ibm1