PT-2024-14027 · Ibm · Ibm Storage Defender - Resiliency Service
Published
2024-12-18
·
Updated
2024-12-19
·
CVE-2023-50956
CVSS v3.1
4.9
Medium
| Vector | AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
IBM Storage Defender - Resiliency Service versions 2.0.0 through 2.0.9
Description
The issue could allow a privileged user to obtain highly sensitive user credentials from secret keys that are stored in clear text.
Recommendations
For versions 2.0.0 through 2.0.9, update to the latest patch to mitigate risks.
As a temporary workaround, consider restricting access to secret keys until a patch is available.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Ibm Storage Defender - Resiliency Service