CVE-2024-38324

IBM Storage Defender 2.0.0 through 2.0.7 on-prem defender-sensor-cmd CLI does not validate server name during registration and unregistration operations which could expose sensitive information to an attacker with access to the system.
References
Link Resource
https://www.ibm.com/support/pages/node/7168640 Vendor Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:ibm:storage_defender:*:*:*:*:*:*:*:*

History

30 Sep 2024, 14:10

Type Values Removed Values Added
References () https://www.ibm.com/support/pages/node/7168640 - () https://www.ibm.com/support/pages/node/7168640 - Vendor Advisory
CPE cpe:2.3:a:ibm:storage_defender:*:*:*:*:*:*:*:*
CVSS v2 : unknown
v3 : 5.9
v2 : unknown
v3 : 6.5
First Time Ibm
Ibm storage Defender
CWE CWE-295

26 Sep 2024, 13:32

Type Values Removed Values Added
Summary
  • (es) La CLI de defender-sensor-cmd local de IBM Storage Defender 2.0.0 a 2.0.7 no valida el nombre del servidor durante las operaciones de registro y anulación de registro, lo que podría exponer información confidencial a un atacante con acceso al sistema.

25 Sep 2024, 01:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-09-25 01:15

Updated : 2024-09-30 14:10


NVD link : CVE-2024-38324

Mitre link : CVE-2024-38324

CVE.ORG link : CVE-2024-38324


JSON object : View

Products Affected

ibm

  • storage_defender
CWE
CWE-295

Improper Certificate Validation

CWE-297

Improper Validation of Certificate with Host Mismatch