CVE-2024-38325

CWE-311 | 4 documents | 4 sources
Severity
7.5 HIGH
EPSS
0.1%
top 83.29%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published Jan 27

Description

IBM Storage Defender 2.0.0 through 2.0.7 on-prem defender-sensor-cmd CLI could allow a remote attacker to obtain sensitive information, caused by sending network requests over an insecure channel. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Exploitability: 2.2 | Impact: 3.6

Affected Packages: 2 packages

NVD | ibm/storage_defender | 2.0.0 | 2.0.8

🔴 Vulnerability Details

2
CVEList
IBM Storage Defender information disclosure | 2025-01-27
GHSA
GHSA-2xxp-jv88-pg4x: IBM Storage Defender 2 | 2025-01-27

📋 Vendor Advisories

1
Oracle
Oracle Oracle Communications Risk Matrix: Install/Upgrade (Cryptography) — CVE-2023-38325 | 2024-01-15
CVE-2024-38325 (HIGH CVSS 7.5) | IBM Storage Defender 2.0.0 through | cvebase.io