CVE-2024-27261 — Exposed Dangerous Method or Function in IBM Storage Defender Resiliency Service

CWE-749 — Exposed Dangerous Method or Function3 documents3 sources

Severity

6.8MEDIUMNVD

CNA6.4

EPSS

0.0%

top 90.50%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Storage Defender Resiliency Service IBM Storage Defender

Timeline

PublishedApr 12

Description

IBM Storage Defender - Resiliency Service 2.0.0 through 2.0.2 could allow a privileged user to install a potentially dangerous tar file, which could give them access to subsequent systems where the package was installed. IBM X-Force ID: 283986.

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 0.9 | Impact: 5.9

Affected Packages2 packages

▶NVDibm/storage_defender_resiliency_service2.0 — 2.0.3

▶CVEListV5ibm/storage_defender2.0.0 — 2.0.2

🔴Vulnerability Details

CVEList

IBM Storage Defender - Resiliency Service privilege escalation↗2024-04-12

▶

GHSA

GHSA-c2c7-3m88-9jm2: IBM Storage Defender - Resiliency Service 2↗2024-04-12

▶