cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-38325,https://securityvulnerability.io/vulnerability/CVE-2024-38325,Sensitive Information Exposure in IBM Storage Defender CLI,"IBM Storage Defender versions 2.0.0 through 2.0.7 are prone to a vulnerability that allows a remote attacker to gain access to sensitive information through insecure channel communications. By leveraging man-in-the-middle techniques, an attacker can exploit this weakness to intercept data, potentially leading to unauthorized access to confidential information. Users should ensure they are using secured communication protocols to mitigate this risk.",IBM,Storage Defender - Resiliency Service,5.9,MEDIUM,0.0008699999889358878,false,,false,false,false,,false,false,false,,2025-01-27T15:27:18.934Z,0
CVE-2023-50956,https://securityvulnerability.io/vulnerability/CVE-2023-50956,Sensitive Credential Exposure in IBM Storage Defender Systems,"CVE-2023-50956 is a severe vulnerability affecting IBM Storage Defender - Resiliency Service versions 2.0.0 through 2.0.9. This security flaw could allow a privileged user to access sensitive user credentials stored in clear text, posing significant risks to data integrity and confidentiality within the affected systems. If left unmitigated, this vulnerability may lead to unauthorized access and exploitation of sensitive information.",IBM,Storage Defender - Resiliency Service,4.4,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-12-18T15:24:57.948Z,0
CVE-2024-38324,https://securityvulnerability.io/vulnerability/CVE-2024-38324,Unvalidated Server Names Expose Sensitive Information in IBM Storage Defender 2.0.0-2.0.7,IBM Storage Defender 2.0.0 through 2.0.7 on-prem defender-sensor-cmd CLI does not validate server name during registration and unregistration operations which could expose sensitive information to an attacker with access to the system.,IBM,Storage Defender - Resiliency Service,6.5,MEDIUM,0.0004900000058114529,false,,false,false,false,,,false,false,,2024-09-25T01:15:00.000Z,0
CVE-2024-38322,https://securityvulnerability.io/vulnerability/CVE-2024-38322,Brute Force Vulnerability in IBM Storage Defender Exposes Product to Enumeration,A discrepancy in error response handling for usernames and passwords in IBM Storage Defender - Resiliency Service versions 2.0.0 through 2.0.4 exposes the application to brute force enumeration attacks. Attackers may exploit this flaw to gather valid usernames and facilitate unauthorized access. Organizations utilizing affected versions are advised to implement appropriate security measures and stay informed on available patches.,IBM,Storage Defender - Resiliency Service,7.5,HIGH,0.0007600000244565308,false,,false,false,false,,,false,false,,2024-06-28T18:34:40.769Z,0
CVE-2024-25031,https://securityvulnerability.io/vulnerability/CVE-2024-25031,Inadequate Account Lockout Setting Exposes IBM Storage Defender to Brute Force Attacks,IBM Storage Defender - Resiliency Service 2.0.0 through 2.0.4 uses an inadequate account lockout setting that could allow an attacker on the network to brute force account credentials. IBM X-Force ID: 281678.,IBM,Storage Defender - Resiliency Service,6.5,MEDIUM,0.00044999999227002263,false,,false,false,false,,,false,false,,2024-06-28T18:32:31.632Z,0
CVE-2024-22313,https://securityvulnerability.io/vulnerability/CVE-2024-22313,Hard-coded Credentials in IBM Storage Defender - Resiliency Service 2.0,"IBM Storage Defender - Resiliency Service 2.0 is affected by a serious vulnerability that involves the presence of hard-coded credentials. These credentials are utilized for various critical functions, including inbound authentication and outbound communication with external components. The existence of such hard-coded elements presents significant risks, as they can be exploited by unauthorized users to gain access to sensitive data or systems. Effective credential management and security practices are essential to mitigate the risks associated with this vulnerability.",IBM,Storage Defender - Resiliency Service,7.8,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-02-10T15:43:31.231Z,0
CVE-2024-22312,https://securityvulnerability.io/vulnerability/CVE-2024-22312,IBM Storage Defender Resiliency Service 2.0 Stores User Credentials in Plain Text,IBM Storage Defender - Resiliency Service 2.0 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 278748.,IBM,Storage Defender - Resiliency Service,5.5,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-02-10T15:41:46.345Z,0
CVE-2023-50957,https://securityvulnerability.io/vulnerability/CVE-2023-50957,Potential Security Vulnerability in IBM Storage Defender - Resiliency Service 2.0 Could Allow Unauthorized Access to Encrypted Data,"IBM Storage Defender - Resiliency Service 2.0 has a vulnerability that enables a privileged user to execute unauthorized actions after accessing encrypted data from its clear text key storage. This flaw poses significant security risks, as it potentially allows sensitive data manipulation and unauthorized access, leading to compromised systems and data integrity. Organizations utilizing this service should apply necessary security measures promptly to mitigate exposure.",IBM,Storage Defender - Resiliency Service,7.2,HIGH,0.000590000010561198,false,,false,false,false,,,false,false,,2024-02-10T15:30:55.922Z,0