CVE-2024-38324

IBM Storage Defender 2.0.0 through 2.0.7 on-prem defender-sensor-cmd CLI does not validate server name during registration and unregistration operations which could expose sensitive information to an attacker with access to the system.
References
Link Resource
https://www.ibm.com/support/pages/node/7168640 Vendor Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:ibm:storage_defender:*:*:*:*:*:*:*:*

History

30 Sep 2024, 14:10

Type Values Removed Values Added
First Time Ibm storage Defender
Ibm
CWE CWE-295
CVSS v2 : unknown
v3 : 5.9
v2 : unknown
v3 : 6.5
CPE cpe:2.3:a:ibm:storage_defender:*:*:*:*:*:*:*:*
References () https://www.ibm.com/support/pages/node/7168640 - () https://www.ibm.com/support/pages/node/7168640 - Vendor Advisory

26 Sep 2024, 13:32

Type Values Removed Values Added
New CVE

Information

Published : 2024-09-25 01:15

Updated : 2024-09-30 14:10


NVD link : CVE-2024-38324

Mitre link : CVE-2024-38324

CVE.ORG link : CVE-2024-38324


JSON object : View

Products Affected

ibm

  • storage_defender
CWE
CWE-295

Improper Certificate Validation

CWE-297

Improper Validation of Certificate with Host Mismatch