CVE-2024-52361 MEDIUM

CVE-2024-52361: IBM Storage Defender - Resiliency Service information disclosure

Vendor Ibm
Product Storage Defender - Resiliency Service
Weakness CWE-256
Published December 18, 2024
Last update December 18, 2024

CVSS base score

5.7/10
Attack vector Adjacent
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality High
Integrity None

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

What the vulnerability does

01Description

IBM Storage Defender - Resiliency Service 2.0.0 through 2.0.9  stores user credentials in plain text which can be read by an authenticated user with access to the pod.

Key dates

02Disclosure timeline

December 18, 2024 CVE published
December 18, 2024 Record updated