Brute Force Vulnerability in IBM Storage Defender Exposes Product to Enumeration

CVE-2024-38322
5.3MEDIUM

Key Information

Vendor
IBM
Status
Storage Defender - Resiliency Service
Vendor
Published:
28 June 2024

Summary

IBM Storage Defender - Resiliency Service 2.0.0 through 2.0.4 agent username and password error response discrepancy exposes product to brute force enumeration. IBM X-Force ID: 294869.

Affected Version(s)

Storage Defender - Resiliency Service <= 2.0.4

CVSS V3.1

Score:
5.3
Severity:
MEDIUM
Confidentiality:
HIGH
Integrity:
NONE
Availability:
NONE
Attack Complexity:
HIGH
Privileges Required:
LOW
User Interaction:
NONE
Scope:
UNCHANGED

Timeline

  • Vulnerability published.

  • Vulnerability Reserved.

Collectors

NVD DatabaseMitre Database
.