Plaintext Storage of a Password

CVE-2024-52361

Medium

5.7/10

Summary

IBM Storage Defender - Resiliency Service 2.0.0 through 2.0.9 stores user credentials in plain text which can be read by an authenticated user with access to the pod.

Attack Complexity: LOW
Attack Vector: ADJACENT_NETWORK
Integrity Impact: NONE
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: LOW
Confidentiality Impact: HIGH
Availability Impact: NONE

CWE-256 - Plaintext Storage of a Password

Storing a password in plaintext may result in a system compromise.

References

Advisory Timeline

Published Dec 18, 2024

Plaintext Storage of a Password

CVE-2024-52361

Summary

CWE-256 - Plaintext Storage of a Password

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS