CVE-2024-25023

CWE-312Cleartext Storage of Sensitive Info3 documents3 sources
Severity
5.5MEDIUM
EPSS
0.0%
top 95.66%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
IBM Qradar SuiteIBM Cloud PAK FOR SecurityIBM Qradar Suite Software
Timeline
PublishedJul 10

Description

IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 and IBM QRadar Suite Software 1.10.12.0 through 1.10.22.0 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 281429.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages4 packages

CVEListV5ibm/qradar_suite_software1.10.12.01.10.22.0
NVDibm/qradar_suite1.10.12.01.10.23.0
CVEListV5ibm/cloud_pak_for_security1.10.0.01.10.11.0
NVDibm/cloud_pak1.10.0.01.10.11.0

🔴Vulnerability Details

2
GHSA
GHSA-jr25-frc3-r97p: IBM Cloud Pak for Security 12024-07-10
CVEList
IBM QRadar Suite Software information disclosure2024-07-09
CVE-2024-25023 (MEDIUM CVSS 5.5) | IBM Cloud Pak for Security 1.10.0.0 | cvebase.io