Potential Security Vulnerability in IBM Storage Defender - Resiliency Service 2.0 Could Allow Unauthorized Access to Encrypted Data
CVE-2023-50957

8HIGH

Key Information:

Vendor: IBM
Status: Storage Defender - Resiliency Service
Vendor: CVE Published:; 10 February 2024

What is CVE-2023-50957?

IBM Storage Defender - Resiliency Service 2.0 has a vulnerability that enables a privileged user to execute unauthorized actions after accessing encrypted data from its clear text key storage. This flaw poses significant security risks, as it potentially allows sensitive data manipulation and unauthorized access, leading to compromised systems and data integrity. Organizations utilizing this service should apply necessary security measures promptly to mitigate exposure.

Affected Version(s)

Storage Defender - Resiliency Service 2.0

References

https://www.ibm.com/support/pages/node/7115261

vendor-advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/275783

vdb-entry

CVSS V3.1

Score:

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

High

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 10, 2024
Vulnerability Reserved
Dec 16, 2023