2651 matches found
Design/Logic Flaw
IBM Storage Defender - Resiliency Service 2.0 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 278748...
CVE-2024-22313
Affected product: IBM Storage Defender - Resiliency Service (2.0). Root cause: hard-coded credentials used for inbound authentication, outbound communication, or internal data encryption. Impact (as stated): information disclosure with local access risk (confidentiality impact). Remediation: IBM’...
CVE-2024-22313 IBM Storage Defender - Resiliency Service information disclosure
IBM Storage Defender - Resiliency Service 2.0 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 278749...
CVE-2024-22312 IBM Storage Defender - Resiliency Service information disclosure
IBM Storage Defender - Resiliency Service 2.0 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 278748...
CVE-2024-22312
IBM Storage Defender - Resiliency Service 2.0 stores user credentials in plain clear text, enabling information disclosure to a local attacker. This is documented across multiple sources (NVD/RH Red Hat, CNVD, and related IBM advisories). The vulnerability affects the Resiliency Service component...
CVE-2023-50957 IBM Storage Defender - Resiliency Service privilege escalation
IBM Storage Defender - Resiliency Service 2.0 could allow a privileged user to perform unauthorized actions after obtaining encrypted data from clear text key storage. IBM X-Force ID: 275783...
CVE-2023-50957
CVE-2023-50957 concerns IBM Storage Defender – Resiliency Service (Connection Manager). The Red Hat and other feeds describe a privilege escalation where a privileged user could perform unauthorized actions after obtaining encrypted data from a plaintext keystore. Affected product: IBM Storage De...
IBM Storage Defender Security Vulnerability
IBM Storage Defender is a solution from International Business Machines (IBM) that provides end-to-end data resiliency. A privilege mismanagement vulnerability exists in IBM Storage Defender Connection Manager, which stems from a Resiliency Service that could allow a privileged user to perform...
IBM Storage Defender Trust Management Issue Vulnerability
IBM Storage Defender is a software suite that enables data resiliency and is part of the IBM Storage portfolio of products and services. An information disclosure vulnerability exists in IBM Storage Defender-Resiliency Service, which can be exploited by a local attacker to obtain hard-coded...
IBM Storage Defender Security Vulnerability
IBM Storage Defender is a software suite that enables data resiliency and is part of the IBM Storage portfolio of products and services. An information disclosure vulnerability exists in IBM Storage Defender-Resiliency Service, which can be exploited by a local attacker to submit a special reques...
PT-2024-19335 · Ibm · Ibm Storage Defender - Resiliency Service
Name of the Vulnerable Software and Affected Versions: IBM Storage Defender - Resiliency Service version 2.0. Description: The issue allows a local user to read user credentials stored in plain clear text. Recommendations: For IBM Storage Defender - Resiliency Service version 2.0, consider...
Security Bulletin: Vulnerabilities in Axios, Node.js, VMWare tools, and Linux Kernel might affect IBM Storage Defender – Data Protect.
Summary: IBM Storage Defender – Data Protect is vulnerable and that can result in denial of service attacks, cross-site scripting, execution of arbitrary code, gaining elevated privileges, low integrity and confidentiality impacts, and the ability to obtain sensitive information. The vulnerabiliti...
Security Bulletin: Kubernetes secrets in IBM Storage Defender Connection Manager on-prem environment are not encrypted by default (CVE-2023-50957, CVE-2024-22312, CVE-2024-22313)
Summary: Kubernetes secrets in the IBM Storage Defender Connection Manager on-premises environment OVA are obfuscated using base64 encoding instead of being encrypted. An attacker who has gained root access to the environment can read the secrets from the Kubernetes configuration. The...
Mispadu Stealer’s New Variant Targets Browser Data of Mexican Users
By Waqas. The new variant of Mispadu Stealer was discovered by Palo Alto's Unit 42 researchers while investigating the Windows Defender SmartScreen vulnerability. This is a post from HackRead.com.
PurpleKeep - Providing Azure Pipelines To Create An Infrastructure And Run Atomic Tests
With the rapidly increasing variety of attack techniques and a simultaneous rise in the number of detection rules offered by EDRs (Endpoint Detection and Response) and custom-created ones, the need for constant functional testing of detection rules has become evident. However, manually re-running...
Security Bulletin: Open redirect in parameter might affect IBM Storage Defender – Data Protect.
Summary: IBM Storage Defender – Data Protect is vulnerable and that can result in phishing and social engineering exposure. The vulnerabilities have been addressed. Vulnerability Details: CVEID: CVE-2023-50963. DESCRIPTION: IBM Storage Defender - Data Protect is vulnerable to HTTP header injection,...
CVE-2023-50963
IBM Storage Defender - Data Protect 1.0.0 through 1.4.1 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or...