IBM Storage Defender Resiliency Service vulnerabilities

10 known vulnerabilities affecting ibm/storage_defender_resiliency_service.

Total CVEs: 10
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 5, MEDIUM 5

Vulnerabilities

CVE-2025-64650 | MEDIUM | CVSS 6.5 | Affected: ≥ 2.0, ≤ 2.0.18 | 2025-12-08
[MEDIUM] CWE-532: IBM Storage Defender - Resiliency Service 2.0.0 through 2.0.18 could disclose sensitive user credentials in log files.
Source: NVD
CVE-2024-22314 | HIGH | CVSS 7.5 | Affected: ≥ 2.0, < 2.0.13 | 2025-04-16
[MEDIUM] CWE-327: IBM Storage Defender - Resiliency Service 2.0.0 through 2.0.12 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.
Source: NVD
CVE-2024-47119 | HIGH | CVSS 7.5 | Affected: ≥ 2.0, ≤ 2.0.9 | 2024-12-18
[MEDIUM] CWE-295: IBM Storage Defender - Resiliency Service 2.0.0 through 2.0.9 does not properly validate a certificate which could allow an attacker to spoof a trusted entity by interfering in the communication path between the host and client.
Source: NVD
CVE-2023-50956 | MEDIUM | CVSS 4.9 | Affected: ≥ 2.0, ≤ 2.0.9 | 2024-12-18
[MEDIUM] CWE-256: IBM Storage Defender - Resiliency Service 2.0.0 through 2.0.9 could allow a privileged user to obtain highly sensitive user credentials from secret keys that are stored in clear text.
Source: NVD
CVE-2024-52361 | MEDIUM | CVSS 5.7 | Affected: ≥ 2.0, ≤ 2.0.9 | 2024-12-18
[MEDIUM] CWE-256: IBM Storage Defender - Resiliency Service 2.0.0 through 2.0.9 stores user credentials in plain text which can be read by an authenticated user with access to the pod.
Source: NVD
CVE-2024-38322 | HIGH | CVSS 7.5 | Affected: ≥ 2.0.0, ≤ 2.0.4 | 2024-06-28
[MEDIUM] CWE-204: IBM Storage Defender - Resiliency Service 2.0.0 through 2.0.4 agent username and password error response discrepancy exposes product to brute force enumeration. IBM X-Force ID: 294869.
Source: NVD
CVE-2024-27261 | MEDIUM | CVSS 6.8 | Affected: ≥ 2.0, < 2.0.3 | 2024-04-12
[MEDIUM] CWE-749: IBM Storage Defender - Resiliency Service 2.0.0 through 2.0.2 could allow a privileged user to install a potentially dangerous tar file, which could give them access to subsequent systems where the package was installed. IBM X-Force ID: 283986.
Source: NVD
CVE-2024-22313 | HIGH | CVSS 7.8 | Affected: v2.0 | 2024-02-10
[MEDIUM] CWE-798: IBM Storage Defender - Resiliency Service 2.0 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 278749.
Source: NVD
CVE-2023-50957 | HIGH | CVSS 7.2 | Affected: v2.0 | 2024-02-10
[HIGH] CWE-312: IBM Storage Defender - Resiliency Service 2.0 could allow a privileged user to perform unauthorized actions after obtaining encrypted data from clear text key storage. IBM X-Force ID: 275783.
Source: NVD
CVE-2024-22312 | MEDIUM | CVSS 5.5 | Affected: v2.0 | 2024-02-10
[MEDIUM] CWE-256: IBM Storage Defender - Resiliency Service 2.0 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 278748.
Source: NVD