18 matches found
Security Bulletin: IBM Storage Defender: Data Protect critical vulnerabilities resolved in release Defender 2.1.4/Data Protect 7.4
Summary IBM Storage Defender: Data Protect critical vulnerabilities resolved in release Defender 2.1.4/Data Protect 7.4. The vulnerabilities have been addressed in Data Protect 7.4, which is included in IBM Storage Defender 2.1.4 Vulnerability Details CVEID:CVE-2021-45960 DESCRIPTION: In Expat ak...
Security Bulletin: IBM Storage Defender: Data Protect critical vulnerabilities resolved in release Defender 2.1.0/Data Protect 7.3
Summary IBM Storage Defender: Data Protect critical vulnerabilities resolved in release Defender 2.1.0/Data Protect 7.3. The vulnerabilities have been addressed in Data Protect 7.3, which is included in IBM Storage Defender 2.1.0 Vulnerability Details CVEID:CVE-2025-20260 DESCRIPTION: A...
Security Bulletin: Critical Fixes for IBM Storage Defender - Data Protect included in 2.0.15
Summary IBM Storage Defender - Data Protect is vulnerable to CVE-2024-48910 and CVE-2024-47875. Fixes for these CVEs are included in version 2.0.15. Vulnerability Details CVEID:CVE-2024-48910 DESCRIPTION: DOMPurify could allow a remote authenticated attacker to execute arbitrary code on the syste...
Security Bulletin: IBM Storage Defender: Data Protect vulnerabilities resolved in release Defender 2.0.14/Data Protect 7.2.2_u1
Summary Security Bulletin: IBM Storage Defender: Data Protect vulnerabilities resolved in release Defender 2.0.14/Data Protect 7.2.2_u1. The vulnerabilities have been addressed in Data Protect 7.2.2_u1, which is included with IBM Storage Defender 2.0.14. Vulnerability Details CVEID:CVE-2023-26118...
Security Bulletin: Multiple vulnerabilities in IBM Storage Defender – Data Protect
Summary There are multiple vulnerabilities in Open Source packages that affect IBM Storage Defender – Data Protect. These vulnerabilities can result in runtime errors, denial of service, remote code execution, arbitrary command execution, bypass of security restrictions, incorrect file permission...
Security Bulletin: IBM Storage Defender Data Protect vulnerable to CVE-2024-45801 due to dependency on Open Source library.
Summary IBM Storage Defender Data Protect is vulnerable to CVE-2024-45801 due to dependency on Open Source library. Vulnerability Details CVEID:CVE-2024-45801 DESCRIPTION: DOMPurify could allow a remote attacker to execute arbitrary code on the system, caused by a prototype pollution flaw in dept...
Security Bulletin: Potential Denial of Service in IBM Storage Defender - Data Protect
Summary IBM Storage Defender - Data Protect is potentially vulnerable to a denial of service attack via CVE-2022-21698. Vulnerability Details CVEID:CVE-2022-21698 DESCRIPTION: Prometheus Go client library client_golang is vulnerable to a denial of service, caused by a flaw when handling requests...
Security Bulletin: Privilege escalation attack might affect IBM Storage Defender – Data Protect
Summary IBM Storage Defender – Data Protect is vulnerable and can result in data confidentiality and service availability issues. The vulnerability has been addressed. CVE-2023-4623 Vulnerability Details CVEID:CVE-2023-4623 DESCRIPTION: Linux Kernel could allow a local authenticated attacker to...
Security Bulletin: Open redirect in parameter might affect IBM Storage Defender – Data Protect.
Summary IBM Storage Defender – Data Protect is vulnerable and that can result in phishing and social engineering exposure. The vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2023-50963 DESCRIPTION: IBM Storage Defender - Data Protect is vulnerable to HTTP header injection,...
CVE-2023-50963
IBM Storage Defender - Data Protect 1.0.0 through 1.4.1 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or...
CVE-2023-50963
IBM Storage Defender - Data Protect 1.0.0 through 1.4.1 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or...
Cross site scripting
IBM Storage Defender - Data Protect 1.0.0 through 1.4.1 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or...
CVE-2023-50963
IBM Storage Defender – Data Protect versions 1.0.0–1.4.1 are vulnerable to HTTP header injection due to improper validation of HOST headers, enabling attacks such as cross-site scripting, cache poisoning, or session hijacking as described in IBM X-Force/Red Hat advisories. Remediation: IBM recomm...
CVE-2023-50963 IBM Storage Defender HTTP HOST header injection
IBM Storage Defender - Data Protect 1.0.0 through 1.4.1 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or...
PT-2024-12424 · Cohesity · Cohesity Dataprotect
Name of the Vulnerable Software and Affected Versions: Cohesity DataProtect versions prior to 6.8.1 u5 Cohesity DataProtect versions prior to 7.1 Description: The issue is related to incorrect access control due to a lack of TLS Certificate Validation. Recommendations: For Cohesity DataProtect...
IBM Storage Defender Input Validation Error Vulnerability
IBM Storage Defender is a solution from International Business Machines (IBM) that provides end-to-end data resiliency. An input validation error vulnerability exists in IBM Storage Defender - Data Protect versions 1.0.0 through 1.4.1, which stems from vulnerability to HTTP header injection attacks...
PT-2024-14033 · Ibm · Ibm Storage Defender - Data Protect
Name of the Vulnerable Software and Affected Versions: IBM Storage Defender - Data Protect versions 1.0.0 through 1.4.1 Description: The issue is caused by improper validation of input by the HOST headers, leading to HTTP header injection. This could allow an attacker to conduct various attacks...
Security Bulletin: Multiple vulnerabilities in IBM Storage Defender – Data Protect
Summary IBM Storage Defender – Data Protect is vulnerable and that can result in runtime errors, denial of service attacks, remote code execution, or remote access authentication bypass. The vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2018-17142 DESCRIPTION: Golang Go is...