September 25, 2024
Severity
High
Analysis Summary
CVE-2024-38324 CVSS:5.9
The on-prem defender-sensor-cmd CLI in IBM Storage Defender 2.0.0 through 2.0.7 does not validate the server name during registration and unregistration operations, which could expose sensitive information to an attacker with access to the system.
CVE-2021-38963 CVSS:8
IBM Aspera Console 3.4.0 through 3.4.4 could allow a remote authenticated attacker to execute arbitrary code on the system, caused by a CSV injection vulnerability. By persuading a victim to open a specially crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system.
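A defensive check for the CSV injection class named in CVE-2021-38963, as an added example that is not IBM's code or part of the original advisory: it flags cells a spreadsheet would evaluate as formulas and rewrites them as text before the file is opened. The trigger characters follow OWASP's CSV injection guidance; the function names and sample rows are constructed for illustration.

```python
import csv
import io

# Leading characters that make a spreadsheet treat a cell as a formula.
FORMULA_TRIGGERS = ("=", "+", "-", "@", "\t", "\r")


def is_formula_cell(value: str) -> bool:
    """True if a spreadsheet would evaluate this cell instead of showing it."""
    if not value.startswith(FORMULA_TRIGGERS):
        return False
    try:
        float(value)  # plain signed numbers such as -42 are harmless
        return False
    except ValueError:
        return True


def scan_and_sanitize(csv_text: str):
    """Return (findings, sanitized_csv); findings holds (row, column, value)."""
    findings = []
    out = io.StringIO()
    # QUOTE_ALL keeps embedded commas, quotes and newlines inside one field.
    writer = csv.writer(out, quoting=csv.QUOTE_ALL, lineterminator="\n")
    for row_no, row in enumerate(csv.reader(io.StringIO(csv_text, newline="")), 1):
        clean = []
        for col_no, cell in enumerate(row, 1):
            if is_formula_cell(cell):
                findings.append((row_no, col_no, cell))
                cell = "'" + cell  # a leading quote forces display as text
            clean.append(cell)
        writer.writerow(clean)
    return findings, out.getvalue()


# Constructed sample export; identifiers and values are illustrative only.
SAMPLE = (
    "transfer_id,user,comment\n"
    "1001,alice,weekly backup\n"
    '1002,bob,"=SUM(A1:A2)"\n'
    "1003,carol,-42\n"
    '1004,dave,"@note, see above"\n'
)

if __name__ == "__main__":
    found, safe = scan_and_sanitize(SAMPLE)
    for row_no, col_no, cell in found:
        print(f"row {row_no} col {col_no}: {cell!r}")
    print(safe)
```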
Impact
- Information Disclosure
- Gain Access
Indicators of Compromise
CVE
- CVE-2024-38324
- CVE-2021-38963
Affected Vendors
- IBM
Affected Products
- IBM Aspera Console 3.4.0
- IBM Storage Defender 2.0.0
- IBM Storage Defender 2.0.7
- IBM Aspera Console 3.4.4
Remediation
Refer to IBM Security Advisory for patch, upgrade or suggested workaround information.