2.0.4

CVSS 6.5 - MEDIUM

Attack vector

ADJACENT_NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

low complexity

ibm

CWE-307

NVD

Published: 2024-06-28

Updated: 2024-08-01

Summary

IBM Storage Defender - Resiliency Service 2.0.0 through 2.0.4 uses an inadequate account lockout setting that could allow an attacker on the network to brute force account credentials. IBM X-Force ID: 281678.

Vulnerable Configurations

Part	Description	Count
Application	Ibm IBM Storage Defender 2.0.0 IBM Storage Defender 2.0.4	2

Common Weakness Enumeration (CWE)

CWE-307 - Improper Restriction of Excessive Authentication Attempts

References

https://www.ibm.com/support/pages/node/7158446
https://exchange.xforce.ibmcloud.com/vulnerabilities/281678