Storage Defender - Resiliency Service
by IBM
CVEs (13)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-50957 | | High | 0.52 | 8.0 | 0.00 | | Feb 10, 2024 | IBM Storage Defender - Resiliency Service 2.0 could allow a privileged user to perform unauthorized actions after obtaining encrypted data from clear text key storage. IBM X-Force ID: 275783. |
| CVE-2024-25031 | | Med | 0.42 | 6.5 | 0.00 | | Jun 28, 2024 | IBM Storage Defender - Resiliency Service 2.0.0 through 2.0.4 uses an inadequate account lockout setting that could allow an attacker on the network to brute force account credentials. IBM X-Force ID: 281678. |
| CVE-2024-27261 | | Med | 0.42 | 6.4 | 0.00 | | Apr 12, 2024 | IBM Storage Defender - Resiliency Service 2.0.0 through 2.0.2 could allow a privileged user to install a potentially dangerous tar file, which could give them access to subsequent systems where the package was installed. IBM X-Force ID: 283986. |
| CVE-2024-22313 | | Med | 0.40 | 6.2 | 0.00 | | Feb 10, 2024 | IBM Storage Defender - Resiliency Service 2.0 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 278749. |
| CVE-2024-22314 | | Med | 0.38 | 5.9 | 0.00 | | Apr 16, 2025 | IBM Storage Defender - Resiliency Service 2.0.0 through 2.0.12 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. |
| CVE-2024-38325 | | Med | 0.38 | 5.9 | 0.00 | | Jan 27, 2025 | IBM Storage Defender 2.0.0 through 2.0.7 on-prem defender-sensor-cmd CLI could allow a remote attacker to obtain sensitive information, caused by sending network requests over an insecure channel. An attacker could exploit this vulnerability to obtain sensitive information… |
| CVE-2024-47119 | | Med | 0.38 | 5.9 | 0.00 | | Dec 18, 2024 | IBM Storage Defender - Resiliency Service 2.0.0 through 2.0.9 does not properly validate a certificate which could allow an attacker to spoof a trusted entity by interfering in the communication path between the host and client. |
| CVE-2024-38324 | | Med | 0.38 | 5.9 | 0.00 | | Sep 25, 2024 | IBM Storage Defender 2.0.0 through 2.0.7 on-prem defender-sensor-cmd CLI does not validate server name during registration and unregistration operations which could expose sensitive information to an attacker with access to the system. |
| CVE-2024-52361 | | Med | 0.37 | 5.7 | 0.01 | | Dec 18, 2024 | IBM Storage Defender - Resiliency Service 2.0.0 through 2.0.9 stores user credentials in plain text which can be read by an authenticated user with access to the pod. |
| CVE-2024-38322 | | Med | 0.34 | 5.3 | 0.00 | | Jun 28, 2024 | IBM Storage Defender - Resiliency Service 2.0.0 through 2.0.4 agent username and password error response discrepancy exposes product to brute force enumeration. IBM X-Force ID: 294869. |
| CVE-2023-50956 | | Med | 0.29 | 4.4 | 0.00 | | Dec 18, 2024 | IBM Storage Defender - Resiliency Service 2.0.0 through 2.0.9 could allow a privileged user to obtain highly sensitive user credentials from secret keys that are stored in clear text. |
| CVE-2024-22312 | | Med | 0.29 | 4.4 | 0.00 | | Feb 10, 2024 | IBM Storage Defender - Resiliency Service 2.0 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 278748. |
| CVE-2025-64650 | | | 0.00 | — | 0.00 | | Dec 8, 2025 | IBM Storage Defender - Resiliency Service 2.0.0 through 2.0.18 could disclose sensitive user credentials in log files. |