CVE-2024-38325
- EPSS 0.02%
- Published 27.01.2025 16:15:31
- Last modified 14.08.2025 19:10:41
IBM Storage Defender 2.0.0 through 2.0.7 on-prem defender-sensor-cmd CLI could allow a remote attacker to obtain sensitive information, caused by sending network requests over an insecure channel. An attacker could exploit this vulnerability to obt...
CVE-2024-52361
- EPSS 0.03%
- Published 18.12.2024 16:15:13
- Last modified 08.08.2025 12:53:47
IBM Storage Defender - Resiliency Service 2.0.0 through 2.0.9 stores user credentials in plain text, which can be read by an authenticated user with access to the pod.
CVE-2024-38324
- EPSS 0.08%
- Published 25.09.2024 01:15:40
- Last modified 30.09.2024 14:10:18
IBM Storage Defender 2.0.0 through 2.0.7 on-prem defender-sensor-cmd CLI does not validate the server name during registration and unregistration operations, which could expose sensitive information to an attacker with access to the system.
CVE-2024-25031
- EPSS 0.04%
- Published 28.06.2024 19:15:04
- Last modified 21.11.2024 09:00:09
IBM Storage Defender - Resiliency Service 2.0.0 through 2.0.4 uses an inadequate account lockout setting that could allow an attacker on the network to brute force account credentials. IBM X-Force ID: 281678.
CVE-2024-27261
- EPSS 0.03%
- Published 12.04.2024 13:15:15
- Last modified 10.03.2025 16:18:05
IBM Storage Defender - Resiliency Service 2.0.0 through 2.0.2 could allow a privileged user to install a potentially dangerous tar file, which could give them access to subsequent systems where the package was installed. IBM X-Force ID: 283986.