PT-2024-27944 · IBM · IBM Storage Defender

Published 2024-09-24 · Updated 2024-09-30 · CVE-2024-38324

CVSS v3.1

6.5 Medium

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

IBM Storage Defender versions 2.0.0 through 2.0.7

Description

The issue concerns the defender-sensor-cmd CLI in IBM Storage Defender, which does not validate the server name during registration and unregistration operations. This could potentially expose sensitive information to an attacker with access to the system.

Recommendations

For IBM Storage Defender versions 2.0.0 through 2.0.7, consider restricting access to the defender-sensor-cmd CLI to minimize the risk of exploitation until a patch is available. As a temporary workaround, limit the use of registration and unregistration operations to trusted users and systems.

Fix

Improper Certificate Validation

Weakness Enumeration

Related Identifiers

CVE-2024-38324

Affected Products

IBM Storage Defender