Multiple vulnerabilities in IBM Storage Defender - Resiliency Service
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 8 |
| CVE-ID | CVE-2025-32873 CVE-2025-31115 CVE-2018-1313 CVE-2016-0800 CVE-2016-2108 CVE-2024-57699 CVE-2023-1370 CVE-2025-47278 |
| CWE-ID | CWE-400 CWE-122 CWE-264 CWE-327 CWE-120 CWE-399 CWE-674 CWE-310 |
| Exploitation vector | Network |
| Public exploit | Public exploit code for vulnerability #4 is available. |
| Vulnerable software |
Storage Defender - Resiliency Service Other software / Other software solutions |
| Vendor | IBM Corporation |
Security Bulletin
This security bulletin contains information about 8 vulnerabilities.
1) Resource exhaustion
EUVDB-ID: #VU108774
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2025-32873
CWE-ID:
CWE-400 - Resource exhaustion
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to application does not properly control consumption of internal resources within the django.utils.html.strip_tags() function. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsStorage Defender - Resiliency Service: 2.0.0 - 2.0.13
CPE2.3- cpe:2.3:a:ibm_corporation:storage_defender_-_resiliency_service:2.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:storage_defender_-_resiliency_service:2.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:storage_defender_-_resiliency_service:2.0.2:*:*:*:*:*:*:*
https://www.ibm.com/support/pages/node/7235454
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Heap-based buffer overflow
EUVDB-ID: #VU106970
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2025-31115
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the lzma_stream_decoder_mt() function. A remote attacker can pass specially crafted data to the application, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall update from vendor's website.
Vulnerable software versionsStorage Defender - Resiliency Service: 2.0.0 - 2.0.13
CPE2.3- cpe:2.3:a:ibm_corporation:storage_defender_-_resiliency_service:2.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:storage_defender_-_resiliency_service:2.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:storage_defender_-_resiliency_service:2.0.2:*:*:*:*:*:*:*
https://www.ibm.com/support/pages/node/7235454
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Security restrictions bypass
EUVDB-ID: #VU12420
Risk: Low
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2018-1313
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a remote unauthenticated attacker to bypass security restrictions to the target system.
The weakness exists in the Network Server component due to improper security restrictions. If the Derby Network Server is started without specifying a security manager, the Derby Network Server will install a default Java security manager that enforces a basic policy. A remote attacker can send a specially crafted packet and cause the system to boot a database for which the location and contents of the database are under the attacker's control.
Install update from vendor's website.
Vulnerable software versionsStorage Defender - Resiliency Service: 2.0.0 - 2.0.13
CPE2.3- cpe:2.3:a:ibm_corporation:storage_defender_-_resiliency_service:2.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:storage_defender_-_resiliency_service:2.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:storage_defender_-_resiliency_service:2.0.2:*:*:*:*:*:*:*
https://www.ibm.com/support/pages/node/7235454
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Information disclosure
EUVDB-ID: #VU1914
Risk: Medium
CVSSv4.0: 9.1 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:A/U:Green]
CVE-ID: CVE-2016-0800
CWE-ID:
CWE-327 - Use of a Broken or Risky Cryptographic Algorithm
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to decrypt sensitive information.
The vulnerability exists due to usage of weak SSLv2 protocol, which requires to send a ServerVerify message before establishing that a client possesses certain plaintext RSA data. A remote attacker can decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle.
The vulnerability is dubbed "DROWN" attack.
Install update from vendor's website.
Vulnerable software versionsStorage Defender - Resiliency Service: 2.0.0 - 2.0.13
CPE2.3- cpe:2.3:a:ibm_corporation:storage_defender_-_resiliency_service:2.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:storage_defender_-_resiliency_service:2.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:storage_defender_-_resiliency_service:2.0.2:*:*:*:*:*:*:*
https://www.ibm.com/support/pages/node/7235454
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, a fully functional exploit for this vulnerability is available.
5) Memory corruption
EUVDB-ID: #VU638
Risk: High
CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2016-2108
CWE-ID:
CWE-120 - Buffer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote user to cause memory corruption on the target system.
The weakness exists due to buffer underflow with an out-of-bounds write in i2c_ASN1_INTEGER. As ASN.1 parser (specifically, d2i_ASN1_TYPE) can misinterpret a large universal tag as a negative zero value, attacker may easily corrupt memory.
Successful exploitation of the vulnerability will allow a malicious user to trigger memory corruption on the vulnerable system.
Install update from vendor's website.
Vulnerable software versionsStorage Defender - Resiliency Service: 2.0.0 - 2.0.13
CPE2.3- cpe:2.3:a:ibm_corporation:storage_defender_-_resiliency_service:2.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:storage_defender_-_resiliency_service:2.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:storage_defender_-_resiliency_service:2.0.2:*:*:*:*:*:*:*
https://www.ibm.com/support/pages/node/7235454
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Resource management error
EUVDB-ID: #VU106926
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2024-57699
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper management of internal resources within the application when handling a specially crafted JSON input. A remote attacker can pass a large number of ’{’ characters to the application and perform a denial of service (DoS) attack.
Note, the vulnerability exists due to incomplete fix for #VU75044 (CVE-2023-1370).
MitigationInstall update from vendor's website.
Vulnerable software versionsStorage Defender - Resiliency Service: 2.0.0 - 2.0.13
CPE2.3- cpe:2.3:a:ibm_corporation:storage_defender_-_resiliency_service:2.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:storage_defender_-_resiliency_service:2.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:storage_defender_-_resiliency_service:2.0.2:*:*:*:*:*:*:*
https://www.ibm.com/support/pages/node/7235454
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Uncontrolled Recursion
EUVDB-ID: #VU75044
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2023-1370
CWE-ID:
CWE-674 - Uncontrolled Recursion
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to uncontrolled recursion when processing nested arrays and objects. A remote attacker can pass specially crafted JSON data to the application and perform a denial of service (DoS) attack.
Install update from vendor's website.
Vulnerable software versionsStorage Defender - Resiliency Service: 2.0.0 - 2.0.13
CPE2.3- cpe:2.3:a:ibm_corporation:storage_defender_-_resiliency_service:2.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:storage_defender_-_resiliency_service:2.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:storage_defender_-_resiliency_service:2.0.2:*:*:*:*:*:*:*
https://www.ibm.com/support/pages/node/7235454
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Cryptographic issues
EUVDB-ID: #VU109059
Risk: Low
CVSSv4.0: 1.7 [CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-47278
CWE-ID:
CWE-310 - Cryptographic Issues
Exploit availability: No
DescriptionThe vulnerability allows a local user to bypass implemented security restrictions.
The vulnerability exists due to the way fallback key configuration was handled. The application used the last fallback key for signing, rather than the current signing key, which could potentially lead to data tampering.
Install update from vendor's website.
Vulnerable software versionsStorage Defender - Resiliency Service: 2.0.0 - 2.0.13
CPE2.3- cpe:2.3:a:ibm_corporation:storage_defender_-_resiliency_service:2.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:storage_defender_-_resiliency_service:2.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:storage_defender_-_resiliency_service:2.0.2:*:*:*:*:*:*:*
https://www.ibm.com/support/pages/node/7235454
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
