CVE-2024-38324
EUVD-2024-3726725.09.2024, 01:15
IBM Storage Defender 2.0.0 through 2.0.7 on-prem defender-sensor-cmd CLI does not validate server name during registration and unregistration operations which could expose sensitive information to an attacker with access to the system.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| ibm | storage_defender | 2.0.0 ≤ 𝑥 < 2.0.8 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
- CWE-297 - Improper Validation of Certificate with Host MismatchThe software communicates with a host that provides a certificate, but the software does not properly ensure that the certificate is actually associated with that host.
- CWE-295 - Improper Certificate ValidationThe software does not validate, or incorrectly validates, a certificate.