Multiple IBM Products Vulnerabilities

Severity

Medium

Analysis Summary

CVE-2023-38018 CVSS:6.3

IBM Aspera Shares 1.10.0 PL2 does not invalidate the session after a password change, which could allow an authenticated user to impersonate another user on the system.

CVE-2024-25031 CVSS:6.5

IBM Storage Defender - Resiliency Service 2.0.0 through 2.0.4 uses an inadequate account lockout setting that could allow an attacker on the network to brute force account credentials.

CVE-2024-35156 CVSS:6.3

IBM MQ 9.3 LTS and 9.3 CD could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system.

Impact

  • Gain Access
  • Information Disclosure

Indicators of Compromise

CVE

  • CVE-2024-35156
  • CVE-2024-25031
  • CVE-2023-38018

Affected Vendors

IBM

Affected Products

  • IBM MQ 9.3 LTS
  • IBM MQ 9.3 CD
  • IBM Storage Defender 2.0.0
  • IBM Storage Defender 2.0.4
  • IBM Aspera 1.10.0 PL2

Remediation

Refer to the IBM Security Advisory for each CVE for patch, upgrade, or suggested workaround information.

CVE-2024-35156

CVE-2024-25031

CVE-2023-38018