Storage Defender - Resiliency Service

by IBM

CVEs (13)

  • CVE-2023-50957 | High | Feb 10, 2024
    risk 0.52 | cvss 8.0 | epss 0.00

    IBM Storage Defender - Resiliency Service 2.0 could allow a privileged user to perform unauthorized actions after obtaining encrypted data from clear text key storage. IBM X-Force ID: 275783.

  • CVE-2024-25031 | Medium | Jun 28, 2024
    risk 0.42 | cvss 6.5 | epss 0.00

    IBM Storage Defender - Resiliency Service 2.0.0 through 2.0.4 uses an inadequate account lockout setting that could allow an attacker on the network to brute force account credentials. IBM X-Force ID: 281678.

  • CVE-2024-27261 | Medium | Apr 12, 2024
    risk 0.42 | cvss 6.4 | epss 0.00

    IBM Storage Defender - Resiliency Service 2.0.0 through 2.0.2 could allow a privileged user to install a potentially dangerous tar file, which could give them access to subsequent systems where the package was installed. IBM X-Force ID: 283986.

  • CVE-2024-22313 | Medium | Feb 10, 2024
    risk 0.40 | cvss 6.2 | epss 0.00

    IBM Storage Defender - Resiliency Service 2.0 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 278749.

  • CVE-2024-22314 | Medium | Apr 16, 2025
    risk 0.38 | cvss 5.9 | epss 0.00

    IBM Storage Defender - Resiliency Service 2.0.0 through 2.0.12 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.

  • CVE-2024-38325 | Medium | Jan 27, 2025
    risk 0.38 | cvss 5.9 | epss 0.00

    IBM Storage Defender 2.0.0 through 2.0.7 on-prem defender-sensor-cmd CLI could allow a remote attacker to obtain sensitive information, caused by sending network requests over an insecure channel. An attacker could exploit this vulnerability to obtain sensitive information…

  • CVE-2024-47119 | Medium | Dec 18, 2024
    risk 0.38 | cvss 5.9 | epss 0.00

    IBM Storage Defender - Resiliency Service 2.0.0 through 2.0.9 does not properly validate a certificate which could allow an attacker to spoof a trusted entity by interfering in the communication path between the host and client.

  • CVE-2024-38324 | Medium | Sep 25, 2024
    risk 0.38 | cvss 5.9 | epss 0.00

    IBM Storage Defender 2.0.0 through 2.0.7 on-prem defender-sensor-cmd CLI does not validate server name during registration and unregistration operations which could expose sensitive information to an attacker with access to the system.

  • CVE-2024-52361 | Medium | Dec 18, 2024
    risk 0.37 | cvss 5.7 | epss 0.01

    IBM Storage Defender - Resiliency Service 2.0.0 through 2.0.9 stores user credentials in plain text which can be read by an authenticated user with access to the pod.

  • CVE-2024-38322 | Medium | Jun 28, 2024
    risk 0.34 | cvss 5.3 | epss 0.00

    IBM Storage Defender - Resiliency Service 2.0.0 through 2.0.4 agent username and password error response discrepancy exposes product to brute force enumeration. IBM X-Force ID: 294869.

  • CVE-2023-50956 | Medium | Dec 18, 2024
    risk 0.29 | cvss 4.4 | epss 0.00

    IBM Storage Defender - Resiliency Service 2.0.0 through 2.0.9 could allow a privileged user to obtain highly sensitive user credentials from secret keys that are stored in clear text.

  • CVE-2024-22312 | Medium | Feb 10, 2024
    risk 0.29 | cvss 4.4 | epss 0.00

    IBM Storage Defender - Resiliency Service 2.0 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 278748.

  • CVE-2025-64650 | Dec 8, 2025
    risk 0.00 | cvss | epss 0.00

    IBM Storage Defender - Resiliency Service 2.0.0 through 2.0.18 could disclose sensitive user credentials in log files.