Brute Force Vulnerability in IBM Storage Defender Exposes Product to Enumeration
CVE-2024-38322

7.5HIGH

Key Information:

Vendor: IBM
Status: Storage Defender - Resiliency Service
Vendor: CVE Published:; 28 June 2024

Summary

A discrepancy in error response handling for usernames and passwords in IBM Storage Defender - Resiliency Service versions 2.0.0 through 2.0.4 exposes the application to brute force enumeration attacks. Attackers may exploit this flaw to gather valid usernames and facilitate unauthorized access. Organizations utilizing affected versions are advised to implement appropriate security measures and stay informed on available patches.

Affected Version(s)

Storage Defender - Resiliency Service 2.0.0 <= 2.0.4

References

https://www.ibm.com/support/pages/node/7158446

vendor-advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/294869

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jun 28, 2024
Vulnerability Reserved
Jun 13, 2024