Hard-coded Credentials in IBM Storage Defender - Resiliency Service 2.0
CVE-2024-22313

7.8HIGH

Key Information:

Vendor: IBM
Status: Storage Defender - Resiliency Service
Vendor: CVE Published:; 10 February 2024

Summary

IBM Storage Defender - Resiliency Service 2.0 is affected by a serious vulnerability that involves the presence of hard-coded credentials. These credentials are utilized for various critical functions, including inbound authentication and outbound communication with external components. The existence of such hard-coded elements presents significant risks, as they can be exploited by unauthorized users to gain access to sensitive data or systems. Effective credential management and security practices are essential to mitigate the risks associated with this vulnerability.

Affected Version(s)

Storage Defender - Resiliency Service 2.0

References

https://www.ibm.com/support/pages/node/7115261

vendor-advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/278749

vdb-entry

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 10, 2024
Vulnerability Reserved
Jan 8, 2024