CVSS3

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | HIGH |
Privileges Required | HIGH |
User Interaction | NONE |
Scope | CHANGED |
Confidentiality Impact | HIGH |
Integrity Impact | HIGH |
Availability Impact | HIGH |

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

AI Score Confidence: Low

EPSS Percentile: 18.9%

Kubernetes secrets in the IBM Storage Defender Connection Manager on-premises environment (OVA) are obfuscated using base64 encoding instead of being encrypted. An attacker who has gained root access to the environment can read the secrets from the Kubernetes configuration. The vulnerabilities have been addressed.
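
Base64 is reversible without any key, which is why the finding above treats these secrets as readable by anyone who can reach the Kubernetes configuration. The following added example (not IBM's code, and not a description of IBM's fix) decodes a constructed Secret manifest and checks a generic Kubernetes `EncryptionConfiguration` to see whether Secrets would be encrypted at rest; the manifests, names and function names are assumptions made for illustration.

```python
import base64

def decode_secret_data(secret):
    """Recover every value in a Secret manifest's `data` field.
    No key is needed: base64 is an encoding, not encryption."""
    return {k: base64.b64decode(v).decode("utf-8", "replace")
            for k, v in secret.get("data", {}).items()}

def secrets_write_provider(enc_cfg):
    """Provider the API server uses to write Secrets, given a parsed
    EncryptionConfiguration; "identity" means stored unencrypted."""
    if not enc_cfg:
        return "identity"  # no configuration at all: nothing is encrypted
    for rule in enc_cfg.get("resources", []):
        # "*." and "*.*" are the wildcard forms that also cover Secrets.
        if {"secrets", "*.", "*.*"} & set(rule.get("resources", [])):
            providers = rule.get("providers", [])
            # Only the first provider in the list is used for new writes.
            return next(iter(providers[0])) if providers else "identity"
    return "identity"

# Constructed sample data (hypothetical names, not from any real system).
SAMPLE_SECRET = {
    "apiVersion": "v1", "kind": "Secret", "type": "Opaque",
    "metadata": {"name": "demo-credentials"},
    "data": {
        "username": base64.b64encode(b"admin").decode(),
        "password": base64.b64encode(b"example-password").decode(),
    },
}
WEAK_CFG = {  # identity listed first: Secrets are written unencrypted
    "kind": "EncryptionConfiguration",
    "resources": [{"resources": ["secrets"],
                   "providers": [{"identity": {}}]}],
}
HARDENED_CFG = {  # an encrypting provider first, identity only as read fallback
    "kind": "EncryptionConfiguration",
    "resources": [{"resources": ["secrets"],
                   "providers": [{"aescbc": {"keys": [
                       {"name": "key1", "secret": "<base64 32-byte key>"}]}},
                                 {"identity": {}}]}],
}

if __name__ == "__main__":
    print("decoded without a key:", decode_secret_data(SAMPLE_SECRET))
    for label, cfg in (("none", None), ("weak", WEAK_CFG), ("hardened", HARDENED_CFG)):
        print(label, "->", secrets_write_provider(cfg))
```
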
CVEID: CVE-2023-50957
**DESCRIPTION:** IBM Storage Defender - Resiliency Service could allow a privileged user to perform unauthorized actions after obtaining encrypted data from clear text key storage.
CVSS Base score: 8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/275783 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H)
CVEID: CVE-2024-22312
**DESCRIPTION:** IBM Storage Defender - Resiliency Service stores user credentials in plain clear text which can be read by a local user.
CVSS Base score: 4.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/278748 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N)
CVEID: CVE-2024-22313
**DESCRIPTION:** IBM Storage Defender - Resiliency Service contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data.
CVSS Base score: 6.2
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/278749 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
Affected Product(s) | Version(s) |
---|---|
IBM Storage Defender - Resiliency Service | 2.0.0 |
The Connection Manager included with Defender 2.0.1 and newer provides the fixes. If using a version of the Connection Manager obtained from Defender 2.0, IBM strongly recommends contacting support for assistance with upgrading.
None
Vendor | Product | Version | CPE |
---|---|---|---|
ibm | storage_defender | 2.0.1 | cpe:2.3:a:ibm:storage_defender:2.0.1:*:*:*:*:*:*:* |