IBM Storage Defender - Resiliency Service vulnerabilities
12 known vulnerabilities affecting ibm/storage_defender_-_resiliency_service.
Total CVEs: 12
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 6, MEDIUM 6
Vulnerabilities
CVE-2025-64650 | MEDIUM | CVSS 6.5 | ≥ 2.0.0, ≤ 2.0.18 | 2025-12-08
CVE-2025-64650 [MEDIUM] CWE-532
IBM Storage Defender - Resiliency Service 2.0.0 through 2.0.18 could disclose sensitive user credentials in log files.
Sources: cvelistv5, nvd
CVE-2024-22314 | HIGH | CVSS 7.5 | ≥ 2.0.0, ≤ 2.0.12 | 2025-04-16
CVE-2024-22314 [MEDIUM] CWE-327
IBM Storage Defender - Resiliency Service 2.0.0 through 2.0.12 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.
Sources: cvelistv5, nvd
CVE-2024-38325 | HIGH | CVSS 7.5 | ≥ 2.0.0, ≤ 2.0.7 | 2025-01-27
CVE-2024-38325 [MEDIUM] CWE-311
IBM Storage Defender 2.0.0 through 2.0.7 on-prem defender-sensor-cmd CLI could allow a remote attacker to obtain sensitive information, caused by sending network requests over an insecure channel. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques.
Sources: cvelistv5, nvd
CVE-2024-47119 | HIGH | CVSS 7.5 | ≥ 2.0.0, ≤ 2.0.9 | 2024-12-18
CVE-2024-47119 [MEDIUM] CWE-295
IBM Storage Defender - Resiliency Service 2.0.0 through 2.0.9 does not properly validate a certificate which could allow an attacker to spoof a trusted entity by interfering in the communication path between the host and client.
Sources: cvelistv5, nvd
CVE-2023-50956 | MEDIUM | CVSS 4.9 | ≥ 2.0.0, ≤ 2.0.9 | 2024-12-18
CVE-2023-50956 [MEDIUM] CWE-256
IBM Storage Defender - Resiliency Service 2.0.0 through 2.0.9 could allow a privileged user to obtain highly sensitive user credentials from secret keys that are stored in clear text.
Sources: cvelistv5, nvd
CVE-2024-52361 | MEDIUM | CVSS 5.7 | ≥ 2.0.0, ≤ 2.0.9 | 2024-12-18
CVE-2024-52361 [MEDIUM] CWE-256
IBM Storage Defender - Resiliency Service 2.0.0 through 2.0.9 stores user credentials in plain text which can be read by an authenticated user with access to the pod.
Sources: cvelistv5, nvd
CVE-2024-38324 | MEDIUM | CVSS 6.5 | ≥ 2.0.0, ≤ 2.0.7 | 2024-09-25
CVE-2024-38324 [MEDIUM] CWE-297
IBM Storage Defender 2.0.0 through 2.0.7 on-prem defender-sensor-cmd CLI does not validate server name during registration and unregistration operations which could expose sensitive information to an attacker with access to the system.
Sources: cvelistv5, nvd
CVE-2024-38322 | HIGH | CVSS 7.5 | ≥ 2.0.0, ≤ 2.0.4 | 2024-06-28
CVE-2024-38322 [MEDIUM] CWE-204
IBM Storage Defender - Resiliency Service 2.0.0 through 2.0.4 agent username and password error response discrepancy exposes product to brute force enumeration. IBM X-Force ID: 294869.
Sources: cvelistv5, nvd
CVE-2024-25031 | MEDIUM | CVSS 6.5 | ≥ 2.0.0, ≤ 2.0.4 | 2024-06-28
CVE-2024-25031 [MEDIUM] CWE-307
IBM Storage Defender - Resiliency Service 2.0.0 through 2.0.4 uses an inadequate account lockout setting that could allow an attacker on the network to brute force account credentials. IBM X-Force ID: 281678.
Sources: cvelistv5, nvd
CVE-2024-22313 | HIGH | CVSS 7.8 | v2.0 | 2024-02-10
CVE-2024-22313 [MEDIUM] CWE-798
IBM Storage Defender - Resiliency Service 2.0 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 278749.
Sources: cvelistv5, nvd
CVE-2023-50957 | HIGH | CVSS 7.2 | v2.0 | 2024-02-10
CVE-2023-50957 [HIGH] CWE-312
IBM Storage Defender - Resiliency Service 2.0 could allow a privileged user to perform unauthorized actions after obtaining encrypted data from clear text key storage. IBM X-Force ID: 275783.
Sources: cvelistv5, nvd
CVE-2024-22312 | MEDIUM | CVSS 5.5 | v2.0 | 2024-02-10
CVE-2024-22312 [MEDIUM] CWE-256
IBM Storage Defender - Resiliency Service 2.0 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 278748.
Sources: cvelistv5, nvd