Inadequate Account Lockout Setting Exposes IBM Storage Defender to Brute Force Attacks
CVE-2024-25031
6.5MEDIUM
Summary
IBM Storage Defender - Resiliency Service 2.0.0 through 2.0.4 uses an inadequate account lockout setting that could allow an attacker on the network to brute force account credentials. IBM X-Force ID: 281678.
Affected Version(s)
Storage Defender - Resiliency Service <= 2.0.4
CVSS V3.1
Score:
6.5
Severity:
MEDIUM
Confidentiality:
HIGH
Integrity:
NONE
Availability:
NONE
Attack Complexity:
LOW
Privileges Required:
NONE
User Interaction:
NONE
Scope:
UNCHANGED
Timeline
Vulnerability published.
Vulnerability Reserved.
Collectors
NVD DatabaseMitre Database