Potential Security Vulnerability in IBM Storage Defender - Resiliency Service 2.0 Could Allow Unauthorized Access to Encrypted Data
CVE-2023-50957
7.2 HIGH
Key Information:
- Vendor: IBM
- CVE Published: 10 February 2024
Summary
IBM Storage Defender - Resiliency Service 2.0 has a vulnerability that enables a privileged user to execute unauthorized actions after accessing encrypted data from its clear text key storage. This flaw poses significant security risks, as it potentially allows sensitive data manipulation and unauthorized access, leading to compromised systems and data integrity. Organizations utilizing this service should apply necessary security measures promptly to mitigate exposure.
Affected Version(s)
Storage Defender - Resiliency Service 2.0
CVSS V3.1
- Score: 7.2
- Severity: HIGH
- Confidentiality: High
- Integrity: High
- Availability: High
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: High
- User Interaction: None
- Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved