CVE-2024-27277Sensitive Information Exposure in IBM Storage Protect Plus Server

CWE-200Sensitive Information Exposure3 documents3 sources
Severity
5.5MEDIUMNVD
CNA6.2
EPSS
0.0%
top 91.91%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
IBM Storage Protect Plus ServerIBM Storage Protect Plus
Timeline
PublishedMar 21

Description

The private key for the IBM Storage Protect Plus Server 10.1.0 through 10.1.16 certificate can be disclosed, undermining the security of the certificate. IBM X-Force ID: 285205.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages2 packages

CVEListV5ibm/storage_protect_plus_server10.1.010.1.16
NVDibm/storage_protect_plus10.1.010.1.6

🔴Vulnerability Details

2
GHSA
GHSA-w7x3-wfj7-w6gw: The private key for the IBM Storage Protect Plus Server 102024-03-21
CVEList
IBM Storage Protect Plus Server information disclosure2024-03-21
CVE-2024-27277 — Sensitive Information Exposure in IBM | cvebase