CVE-2024-38324

Summary

IBM Storage Defender 2.0.0 through 2.0.7 on-prem defender-sensor-cmd CLI does not validate server name during registration and unregistration operations which could expose sensitive information to an attacker with access to the system.

Affected Software

VendorProductVersion RangeStatus
IBMStorage Defender - Resiliency Service2.0.0 <= 2.0.7affected

Weaknesses

  • CWE-297: CWE-297 Improper Validation of Certificate with Host Mismatch

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References