← back
CVE-2024-38325

IBM Storage Defender information disclosure

CVSS 5.9 MEDIUMEPSS 0.2%CWE-311
Vexday Risk Score
13Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 5.9EPSS 0.2%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
27 Jan 2025Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
IBM Storage Defender 2.0.0 through 2.0.7 on-prem defender-sensor-cmd CLI could allow a remote attacker to obtain sensitive information, caused by sending network requests over an insecure channel. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques.
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Affected products
IBM · Storage Defender - Resiliency Service

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://www.ibm.com/support/pages/node/7168640