PT-2024-20710 · IBM · IBM Storage Defender - Resiliency Service

Published: 2024-06-28 · Updated: 2024-08-01 · CVE-2024-25031

CVSS v3.1: 6.5 (Medium)

Vector: AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

IBM Storage Defender - Resiliency Service versions 2.0.0 through 2.0.4

Description

The product has an inadequate account lockout setting, which could allow an attacker on the network to brute-force account credentials.

Recommendations

For versions 2.0.0 through 2.0.4, consider implementing a more robust account lockout policy to prevent brute-force attacks on account credentials. As a temporary workaround, restrict network access to the IBM Storage Defender - Resiliency Service to minimize the risk of exploitation.

Fix

Weakness Enumeration

Improper Restriction of Excessive Authentication Attempts

Related Identifiers

CVE-2024-25031

Affected Products

IBM Storage Defender - Resiliency Service