Inadequate Account Lockout Setting Exposes IBM Storage Defender to Brute Force Attacks

CVE-2024-25031

6.5MEDIUM

Key Information

Vendor: IBM
Status: Storage Defender - Resiliency Service
Vendor: Published:; 28 June 2024

Summary

IBM Storage Defender - Resiliency Service 2.0.0 through 2.0.4 uses an inadequate account lockout setting that could allow an attacker on the network to brute force account credentials. IBM X-Force ID: 281678.

Affected Version(s)

Storage Defender - Resiliency Service <= 2.0.4

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

HIGH

Integrity:

NONE

Availability:

NONE

Attack Complexity:

LOW

Privileges Required:

NONE

User Interaction:

NONE

Scope:

UNCHANGED

Timeline

Vulnerability published.
Jun 28, 2024
Vulnerability Reserved.
Feb 3, 2024

Collectors

NVD DatabaseMitre Database