Sensitive Credential Exposure in IBM Storage Defender Systems
CVE-2023-50956

4.4MEDIUM

Key Information:

Vendor: IBM
Status: Storage Defender - Resiliency Service
Vendor: CVE Published:; 18 December 2024

Summary

CVE-2023-50956 is a severe vulnerability affecting IBM Storage Defender - Resiliency Service versions 2.0.0 through 2.0.9. This security flaw could allow a privileged user to access sensitive user credentials stored in clear text, posing significant risks to data integrity and confidentiality within the affected systems. If left unmitigated, this vulnerability may lead to unauthorized access and exploitation of sensitive information.

Affected Version(s)

Storage Defender - Resiliency Service 2.0.0 <= 2.0.9

References

https://www.ibm.com/support/pages/node/7178587

vendor-advisory

CVSS V3.1

Score:

4.4

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 18, 2024
Vulnerability Reserved
Dec 16, 2023