CVE-2023-50956 MEDIUM

CVE-2023-50956: IBM Storage Defender - Resiliency Service information disclosure

Vendor Ibm
Product Storage Defender - Resiliency Service
Weakness CWE-256
Published December 18, 2024
Last update December 18, 2024

CVSS base score

4.4/10
Attack vector Local
Attack complexity Low
Privileges required High
User interaction None
Confidentiality High
Integrity None

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

What the vulnerability does

01Description

IBM Storage Defender - Resiliency Service 2.0.0 through 2.0.9 could allow a privileged user to obtain highly sensitive user credentials from secret keys that are stored in clear text.

Key dates

02Disclosure timeline

December 18, 2024 CVE published
December 18, 2024 Record updated