IBM Storage Defender Sensitive Information Disclosure Vulnerability via Insecure Network Channel

Vulnerability

A vulnerability has been identified in IBM Storage Defender versions 2.0.0 to 2.0.7 that allows remote attackers to intercept sensitive information through man-in-the-middle techniques. The issue arises because the defender-sensor-cmd CLI sends network requests over an insecure channel.

Impact

Exploitation of this vulnerability could lead to unauthorized access to sensitive information.

Remediation

Users are advised to upgrade to IBM Storage Defender version 2.0.8 or newer, where the Connection Manager includes the necessary fixes. Instructions for upgrading can be found in the IBM Storage Defender Resiliency Service documentation.
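
To find hosts that still need the upgrade, the version bounds above can be applied to an asset inventory. The following is an added example, not IBM code: the `host,version` inventory format, the hostnames and the handling of build suffixes are assumptions, and the sample data is constructed.

```python
import re

# Version bounds as stated in the advisory text above.
AFFECTED_MIN = (2, 0, 0)
AFFECTED_MAX = (2, 0, 7)
FIXED_IN = (2, 0, 8)

# Assumption: versions look like "2.0.7", optionally with a "v" prefix or a
# build suffix such as "+build42"; the suffix is ignored for classification.
_VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)(?:[-+.].*)?$")

def parse_version(text):
    """Return (major, minor, patch) as ints, or None if the string is malformed."""
    m = _VERSION_RE.match(text.strip())
    return tuple(int(part) for part in m.groups()) if m else None

def classify(version_text):
    """Map a version string to affected / fixed / not-listed / unknown."""
    v = parse_version(version_text)
    if v is None:
        return "unknown"      # missing or unparseable: needs manual review
    if AFFECTED_MIN <= v <= AFFECTED_MAX:
        return "affected"
    if v >= FIXED_IN:         # numeric compare, so 2.0.10 sorts after 2.0.8
        return "fixed"
    return "not-listed"       # older than 2.0.0: outside the advisory's range

def triage(inventory_text):
    """Parse 'host,version' lines (blank lines and # comments skipped)."""
    results = {}
    for line in inventory_text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            host, _, version = line.partition(",")
            results[host.strip()] = classify(version)
    return results

# Constructed sample inventory (hypothetical hosts and versions).
SAMPLE_INVENTORY = """\
sensor-a.example.internal,2.0.3
sensor-b.example.internal,2.0.8
sensor-c.example.internal,2.0.10
sensor-d.example.internal,v2.0.7+build42
sensor-e.example.internal,1.9.4
sensor-f.example.internal,
"""

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host:30} {status}")
```

Hosts reported as `unknown` have no usable version recorded and should be checked by hand rather than assumed fixed.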

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 2.5
exploitability: 4.0
remediation: 7.7
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.