CVE-2024-25024 — Cleartext Storage of Sensitive Info in IBM Qradar Suite

CWE-312 — Cleartext Storage of Sensitive Info CWE-256 — Plaintext Storage of a Password3 documents3 sources

Severity

5.5MEDIUMNVD

EPSS

0.0%

top 93.87%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Qradar Suite IBM Cloud PAK FOR Security IBM Qradar Suite Software

Timeline

PublishedAug 15

Description

IBM QRadar Suite Software 1.10.12.0 through 1.10.23.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 281430.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages4 packages

▶CVEListV5ibm/qradar_suite_software1.10.12.0 — 1.10.23.0

▶NVDibm/qradar_suite1.10.12.0 — 1.10.24.0

▶CVEListV5ibm/cloud_pak_for_security1.10.0.0 — 1.10.11.0

▶NVDibm/cloud_pak1.10.0.0 — 1.10.11.0

🔴Vulnerability Details

CVEList

IBM QRadar Suite Software information disclosure↗2024-08-15

▶

GHSA

GHSA-9r2g-27gf-rm9w: IBM QRadar Suite Software 1↗2024-08-15

▶