CVE-2024-38325

Summary

IBM Storage Defender 2.0.0 through 2.0.7 on-prem defender-sensor-cmd CLI

could allow a remote attacker to obtain sensitive information, caused by sending network requests over an insecure channel. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques.

Affected Software

VendorProductVersion RangeStatus
IBMStorage Defender - Resiliency Service2.0.0 <= 2.0.7affected

Weaknesses

  • CWE-311: CWE-311 Missing Encryption of Sensitive Data

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References