IBM Storage Defender Resiliency Service Denial-of-Service Vulnerability

MEDIUM (6.5) No Patch (6 days)

Threat Intelligence

Low Risk
EPSS Score: 0.03% chance of exploitation (percentile: 9%)
🔍 Detection Tools: None available in major open-source tools
⚔️ Exploit Availability: No public exploits found

What is it?

The IBM Storage Defender Resiliency Service is a software component that provides resiliency and disaster recovery capabilities for IBM storage systems. The software can disclose sensitive user credentials in log files, which could lead to unauthorized access to sensitive data.

Am I affected?

Affected versions: 2.0.18

If you don't recognise this software, you're probably not affected.

Affected Products

IBM / Storage Defender Resiliency Service

How to fix

To fix this vulnerability, upgrade to a patched version of IBM Storage Defender Resiliency Service. The vendor advisory does not include a public patch link.

Immediate mitigations include:

  • Restrict network access to your IBM Storage Defender Resiliency Service instance (firewall it from the public internet)
  • Audit admin account activity for suspicious access patterns
  • Monitor for unauthorized token creation
