Cryptographic Weakness in IBM Storage Defender Products
CVE-2024-22314

5.9MEDIUM

Key Information:

Vendor: IBM
Status: Storage Defender - Resiliency Service
Vendor: CVE Published:; 16 April 2025

What is CVE-2024-22314?

IBM Storage Defender - Resiliency Service versions 2.0.0 to 2.0.12 exhibit a vulnerability due to the implementation of weaker-than-expected cryptographic algorithms. This shortcoming could potentially enable attackers to decrypt sensitive information, posing significant risks to data integrity and confidentiality. Addressing this vulnerability requires immediate attention to enhance the security posture of the affected products.

Affected Version(s)

Storage Defender - Resiliency Service 2.0.0 <= 2.0.12

References

https://www.ibm.com/support/pages/node/7229903

vendor-advisory

CVSS V3.1

Score:

5.9

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 16, 2025
Vulnerability Reserved
Jan 8, 2024