CVE-2024-22313

CWE-798 — Hard-coded Credentials3 documents3 sources

Severity

7.8HIGH

EPSS

0.0%

top 94.73%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Storage Defender - Resiliency Service IBM Storage Defender Resiliency Service

Timeline

PublishedFeb 10

Description

IBM Storage Defender - Resiliency Service 2.0 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 278749.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 2.5 | Impact: 3.6

Affected Packages2 packages

▶NVDibm/storage_defender_resiliency_service2.0

▶CVEListV5ibm/storage_defender_-_resiliency_service2.0

Patches

Patch: www.ibm.com ↗Patch: www.ibm.com ↗

🔴Vulnerability Details

CVEList

IBM Storage Defender - Resiliency Service information disclosure↗2024-02-10

▶

GHSA

GHSA-qr65-xfh2-mrvv: IBM Storage Defender - Resiliency Service 2↗2024-02-10

▶