Severity
Medium
Analysis Summary
CVE-2024-22361 CVSS:5.9
IBM Semeru Runtime 8.0.302.0 through 8.0.392.0, 11.0.12.0 through 11.0.21.0, 17.0.1.0 – 17.0.9.0, and 21.0.1.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.
CVE-2024-22313 CVSS:6.2
IBM Storage Defender – Resiliency Service 2.0 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data.
CVE-2024-22312 CVSS:4.4
IBM Storage Defender – Resiliency Service 2.0 stores user credentials in plain clear text which can be read by a local user.
CVE-2023-50957 CVSS:8
IBM Storage Defender – Resiliency Service 2.0 could allow a privileged user to perform unauthorized actions after obtaining encrypted data from clear text key storage.
Impact
- Information Disclosure
- Privilege Escalation
Indicators Of Compromise
CVE
- CVE-2024-22361
- CVE-2024-22313
- CVE-2024-22312
- CVE-2023-50957
Affected Vendors
IBM
Affected Products
- IBM Semeru Runtime 8.0.302.0
- IBM Semeru Runtime 11.0.12.0
- IBM Semeru Runtime 17.0.1.0
- IBM Semeru Runtime 8.0.392.0
- IBM Semeru Runtime 11.0.21.0
- IBM Semeru Runtime 17.0.9.0
- IBM Semeru Runtime 21.0.1.0
- IBM Storage Defender 2.0.0
Remediation
Refer to IBM Security Advisory for patch, upgrade or suggested workaround information.