CVE-2023-50957

CWE-312 — Cleartext Storage of Sensitive Info CWE-269 — Improper Privilege Management3 documents3 sources

Severity

7.2HIGH

EPSS

0.1%

top 79.45%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Storage Defender - Resiliency Service IBM Storage Defender Resiliency Service

Timeline

PublishedFeb 10

Description

IBM Storage Defender - Resiliency Service 2.0 could allow a privileged user to perform unauthorized actions after obtaining encrypted data from clear text key storage. IBM X-Force ID: 275783.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:HExploitability: 1.3 | Impact: 6.0

Affected Packages2 packages

▶NVDibm/storage_defender_resiliency_service2.0

▶CVEListV5ibm/storage_defender_-_resiliency_service2.0

Patches

Patch: www.ibm.com ↗Patch: www.ibm.com ↗

🔴Vulnerability Details

GHSA

GHSA-pvv9-mc25-j2pr: IBM Storage Defender - Resiliency Service 2↗2024-02-10

▶

CVEList

IBM Storage Defender - Resiliency Service privilege escalation↗2024-02-10

▶