Unvalidated Server Names Expose Sensitive Information in IBM Storage Defender 2.0.0-2.0.7
CVE-2024-38324
6.5MEDIUM
Key Information
- Vendor
- IBM
- Status
- Storage Defender - Resiliency Service
- Vendor
- CVE Published:
- 25 September 2024
Summary
IBM Storage Defender 2.0.0 through 2.0.7 on-prem defender-sensor-cmd CLI does not validate server name during registration and unregistration operations which could expose sensitive information to an attacker with access to the system.
Affected Version(s)
Storage Defender - Resiliency Service <= 2.0.7
CVSS V3.1
Score:
6.5
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published.
Vulnerability Reserved.
Collectors
NVD DatabaseMitre Database