Cyber Resilience

CVE-2024-38325

Severity: Medium
Published: 27 January 2025
Modified: 14 August 2025
KEV Added: not listed
Patch: see the IBM security bulletin referenced below
CVSS v3.1: 5.9 (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)
EPSS: 0.0005 (percentile 17.1)
Risk Priority: 12 (weighting: 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2024-38325 is a medium-severity Missing Encryption of Sensitive Data (CWE-311) vulnerability in IBM Storage Defender. Its CVSS v3.1 base score is 5.9 (Medium).

Operationally, exploitation maps to the MITRE ATT&CK technique Adversary-in-the-Middle (T1557). EPSS places it at percentile 17.1 by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SC-13 (Cryptographic Protection) and SC-8 (Transmission Confidentiality and Integrity); applying the vendor patch removes the insecure channel outright.

Deeper analysis

CVE-2024-38325 affects IBM Storage Defender versions 2.0.0 through 2.0.7, specifically the on-prem defender-sensor-cmd CLI component. The CLI sends network requests over an insecure (unencrypted) channel, so anyone able to observe that traffic can read what the CLI transmits. It is classified under CWE-311 (Missing Encryption of Sensitive Data) with a CVSS v3.1 base score of 5.9 (AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N): the high confidentiality impact is offset by high attack complexity, and integrity and availability are scored as unaffected.

No privileges or user interaction are required, but the attacker must first obtain an on-path position between the CLI and the service it talks to, which is what the high attack complexity reflects. That position can come from any of the usual man-in-the-middle (MITM) techniques, for example ARP spoofing on the sensor host's LAN, a rogue or compromised gateway, or control of an intervening network device. From there the attacker can intercept and read the sensitive information the CLI transmits; the vector credits only confidentiality loss (I:N/A:N), so tampering with or disrupting the traffic is not part of this CVE. Because the exposure is "whatever the CLI puts on the wire in clear", the first question for an operator is which of the CLI's connections are actually unencrypted and what they carry.
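One practical way to answer that question, as an added example that is not code from IBM or from this page and makes no claim about which endpoints defender-sensor-cmd really contacts: capture the CLI's outbound connections and classify the first client-to-server bytes of each flow as a TLS ClientHello (encrypted), a plaintext HTTP request (the CWE-311 case), or unknown, pulling the SNI out of ClientHellos and flagging credential-bearing headers in cleartext requests. The sample flows, hostnames, RFC 5737 test-net addresses, URL path and bearer token below are all constructed for the example; the protocol identification itself is generic.

```python
"""Added example (not IBM's code): classify the first bytes of each outbound
TCP flow a CLI opens as a TLS ClientHello, plaintext HTTP (CWE-311 exposure),
or unknown, and extract the SNI from a ClientHello. All sample payloads are
constructed; hostnames, IPs (RFC 5737 TEST-NET) and paths are placeholders."""
import struct

HTTP_METHODS = (b"GET ", b"POST ", b"PUT ", b"DELETE ", b"HEAD ", b"OPTIONS ", b"PATCH ")
SENSITIVE_HEADERS = (b"authorization:", b"cookie:", b"x-api-key:")


def build_client_hello(sni: str) -> bytes:
    """Construct a minimal TLS 1.2 ClientHello carrying a server_name extension.
    Only used to generate a test flow; real input comes from a packet capture."""
    host = sni.encode("ascii")
    entry = b"\x00" + struct.pack("!H", len(host)) + host            # name_type host_name(0)
    name_list = struct.pack("!H", len(entry)) + entry
    sni_ext = struct.pack("!HH", 0x0000, len(name_list)) + name_list  # extension server_name(0)
    body = (b"\x03\x03"                          # client_version TLS 1.2
            + b"\x11" * 32                        # client random (fixed, constructed)
            + b"\x00"                             # empty session_id
            + b"\x00\x02\xc0\x2f"                 # one cipher suite
            + b"\x01\x00"                         # one compression method (null)
            + struct.pack("!H", len(sni_ext)) + sni_ext)
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body       # HandshakeType client_hello(1)
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake


def parse_sni(payload: bytes):
    """Return the server_name from a TLS ClientHello record, or None when the bytes
    are not a ClientHello or carry no SNI. Every offset is bounds-checked so a
    truncated capture cannot raise."""
    if len(payload) < 6 or payload[0] != 0x16 or payload[1] != 0x03 or payload[5] != 0x01:
        return None
    rec_len = struct.unpack("!H", payload[3:5])[0]
    hs = payload[5:5 + rec_len]
    if len(hs) < 4:
        return None
    body = hs[4:4 + int.from_bytes(hs[1:4], "big")]
    pos = 2 + 32                                            # skip client_version + random
    if len(body) < pos + 1:
        return None
    pos += 1 + body[pos]                                    # skip session_id
    if len(body) < pos + 2:
        return None
    pos += 2 + struct.unpack("!H", body[pos:pos + 2])[0]    # skip cipher_suites
    if len(body) < pos + 1:
        return None
    pos += 1 + body[pos]                                    # skip compression_methods
    if len(body) < pos + 2:
        return None
    end = pos + 2 + struct.unpack("!H", body[pos:pos + 2])[0]
    pos += 2
    while pos + 4 <= min(end, len(body)):
        ext_type, ext_len = struct.unpack("!HH", body[pos:pos + 4])
        pos += 4
        if ext_type == 0:                                   # server_name extension
            lst, lp = body[pos:pos + ext_len], 2            # skip the 2-byte list length
            while lp + 3 <= len(lst):
                name_type = lst[lp]
                name_len = struct.unpack("!H", lst[lp + 1:lp + 3])[0]
                lp += 3
                if name_type == 0:
                    return lst[lp:lp + name_len].decode("ascii", "replace")
                lp += name_len
        pos += ext_len
    return None


def classify_payload(payload: bytes) -> dict:
    """Label the first client-to-server bytes of a flow and, for cleartext HTTP,
    list any credential-bearing headers that travel unprotected."""
    if payload.startswith(HTTP_METHODS):
        request_line = payload.split(b"\r\n", 1)[0].decode("ascii", "replace")
        lowered = payload.lower()
        leaks = [h.decode().rstrip(":") for h in SENSITIVE_HEADERS if b"\r\n" + h in lowered]
        return {"kind": "plaintext-http", "detail": request_line, "sensitive_headers": leaks}
    if len(payload) >= 6 and payload[0] == 0x16 and payload[1] == 0x03 and payload[5] == 0x01:
        return {"kind": "tls-clienthello", "detail": parse_sni(payload), "sensitive_headers": []}
    return {"kind": "unknown", "detail": None, "sensitive_headers": []}


def audit_flows(flows):
    """One finding per flow that sends an HTTP request in the clear."""
    findings = []
    for flow in flows:
        result = classify_payload(flow["payload"])
        if result["kind"] == "plaintext-http":
            findings.append({"dst": flow["dst"], "request": result["detail"],
                             "sensitive_headers": result["sensitive_headers"]})
    return findings


# Constructed sample flows standing in for a capture of a CLI's outbound traffic.
SAMPLE_FLOWS = [
    {"dst": "203.0.113.10:8080",
     "payload": (b"POST /api/v1/sensor/register HTTP/1.1\r\nHost: 203.0.113.10:8080\r\n"
                 b"Authorization: Bearer constructed-token\r\nContent-Type: application/json\r\n\r\n{}")},
    {"dst": "203.0.113.11:443", "payload": build_client_hello("defender.example.internal")},
    {"dst": "203.0.113.12:9000", "payload": b"\x00\x00\x00\x05hello"},
]

if __name__ == "__main__":
    for f in audit_flows(SAMPLE_FLOWS):
        print(f"CLEARTEXT {f['dst']} {f['request']} leaks={f['sensitive_headers']}")
```

To run this against a real capture, export the first payload of each flow (for example with tshark using -T fields -e ip.dst -e tcp.dstport -e tcp.payload, then bytes.fromhex on the payload column after stripping any colon separators) and feed the rows to audit_flows. A flow whose first bytes are a ClientHello is at least encrypted; a flow that classifies as plaintext-http is exactly the exposure this CVE describes, and the SNI on the encrypted flows tells you which backend hosts the CLI is talking to.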

For mitigation details, refer to the IBM security bulletin at https://www.ibm.com/support/pages/node/7168640, which provides information on patches and remediation steps.


Vulnerability details

IBM Storage Defender 2.0.0 through 2.0.7 on-prem defender-sensor-cmd CLI could allow a remote attacker to obtain sensitive information, caused by sending network requests over an insecure channel. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques.

CWE(s)

CWE-311 Missing Encryption of Sensitive Data

Related Threats

MITRE ATT&CK Enterprise Techniques (AI-assisted mapping)

T1557 Adversary-in-the-Middle (Credential Access)
Adversaries may attempt to position themselves between two or more networked devices using an adversary-in-the-middle (AiTM) technique to support follow-on behaviors such as Network Sniffing …
Why these techniques?

Missing encryption enables MITM interception of sensitive data in transit (T1557 Adversary-in-the-Middle).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2025-3356 (same vendor: IBM)
CVE-2025-0162 (same vendor: IBM)
CVE-2024-49782 (same vendor: IBM)
CVE-2025-12531 (same vendor: IBM)
CVE-2025-36251 (same vendor: IBM)
CVE-2026-4788 (same vendor: IBM)
CVE-2025-36070 (same vendor: IBM)
CVE-2025-14923 (same vendor: IBM)
CVE-2026-8633 (same vendor: IBM)
CVE-2025-36368 (same vendor: IBM)

Affected Assets

Vendor: IBM
Product: Storage Defender
Versions: 2.0.0 to 2.0.8 as listed; the vulnerability text gives the affected releases as 2.0.0 through 2.0.7, so read the 2.0.8 bound as exclusive and treat 2.0.7 as the last affected release.

Mitigating Controls (NIST 800-53 r5, AI-assisted mapping)

SC-8 Transmission Confidentiality and Integrity (prevent)
Requires protection of the confidentiality of sensitive information transmitted over networks by the defender-sensor-cmd CLI, directly preventing MITM interception via insecure channels.

SC-13 Cryptographic Protection (prevent)
Mandates cryptographic mechanisms to prevent unauthorized disclosure of sensitive data in transit, addressing the missing encryption in CLI network requests.

SI-2 Flaw Remediation (prevent)
Ensures timely remediation of the specific software flaw in IBM Storage Defender CLI through patching, eliminating the insecure transmission vulnerability.
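What SC-8 and SC-13 look like when enforced inside a CLI client, as an added example that is not IBM's code and does not describe how defender-sensor-cmd is implemented: credential-bearing headers are only attached to a verified https URL, the TLS context is re-checked after construction so it fails closed if verification has been weakened, and redirect chains that would move an https request onto http are refused (a common way an otherwise-encrypted client ends up sending secrets in clear). The hostnames and URLs are placeholders, and the redirect map is a constructed stand-in for real HTTP responses.

```python
"""Added example (not IBM's code): fail-closed transport policy for a CLI that
calls a remote service. URLs and hostnames are placeholders."""
import ssl
from urllib.parse import urlparse


class InsecureChannel(Exception):
    """Raised whenever a request would leave the host without TLS protection."""


SENSITIVE_HEADERS = {"authorization", "cookie", "x-api-key"}
MAX_REDIRECTS = 10


def assert_secure_url(url: str) -> str:
    """Accept only https URLs with a host; anything else is a CWE-311 path."""
    parts = urlparse(url)
    if parts.scheme.lower() != "https":
        raise InsecureChannel(f"refusing scheme {parts.scheme!r} for {url}")
    if not parts.hostname:
        raise InsecureChannel(f"no host in {url}")
    return url


def tls_context(cafile: str = None) -> ssl.SSLContext:
    """Build a verifying TLS 1.2+ context and re-check its settings, so a
    weakened default (e.g. a patched create_default_context) cannot silently
    turn off certificate or hostname verification."""
    ctx = ssl.create_default_context(cafile=cafile)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    if ctx.verify_mode != ssl.CERT_REQUIRED or not ctx.check_hostname:
        raise InsecureChannel("TLS context does not verify peer certificates")
    return ctx


def prepare_request(url: str, headers: dict) -> tuple:
    """Gate credential-bearing headers behind assert_secure_url. Returns
    (url, headers) only if sending them cannot expose a secret in clear;
    secret-free requests (e.g. an unauthenticated health probe) pass through."""
    if any(name.lower() in SENSITIVE_HEADERS for name in headers):
        assert_secure_url(url)
    return url, dict(headers)


def follow_redirects(start_url: str, redirect_map: dict) -> str:
    """Resolve a redirect chain (redirect_map: URL -> Location header, a
    constructed stand-in for real responses) and stop at the first hop that
    would move an https request onto http."""
    url, hops = start_url, 0
    while url in redirect_map:
        nxt = redirect_map[url]
        if urlparse(url).scheme == "https" and urlparse(nxt).scheme != "https":
            raise InsecureChannel(f"redirect downgrades to plaintext: {url} -> {nxt}")
        hops += 1
        if hops > MAX_REDIRECTS:
            raise InsecureChannel("redirect loop")
        url = nxt
    return url


if __name__ == "__main__":
    ctx = tls_context()
    print("verify_mode:", ctx.verify_mode.name, "check_hostname:", ctx.check_hostname)
    print(prepare_request("https://defender.example.internal/api", {"Authorization": "Bearer x"}))
    try:
        prepare_request("http://203.0.113.10:8080/api", {"Authorization": "Bearer x"})
    except InsecureChannel as exc:
        print("blocked:", exc)
```

The point of the post-construction check in tls_context is that the secure defaults are an assumption until verified: a client that merely calls the default constructor will keep working, silently, if something lower in the stack turns verification off, whereas this one refuses to start.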
