CVE-2024-28782

CWE-2563 documents3 sources
Severity
6.5MEDIUM
EPSS
0.1%
top 83.14%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
IBM Cloud PAK FOR SecurityIBM Qradar Suite SoftwareIBM Qradar Suite
Timeline
PublishedApr 3

Description

IBM QRadar Suite Software 1.10.12.0 through 1.10.18.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 stores user credentials in plain clear text which can be read by an authenticated user. IBM X-Force ID: 285698.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:NExploitability: 1.8 | Impact: 4.0

Affected Packages4 packages

CVEListV5ibm/qradar_suite_software1.10.12.01.10.18.0
NVDibm/qradar_suite1.10.12.01.10.18.0
CVEListV5ibm/cloud_pak_for_security1.10.0.01.10.11.0
NVDibm/cloud_pak1.10.0.01.10.11.0

🔴Vulnerability Details

2
CVEList
IBM QRadar Suite Software information disclosure2024-04-03
GHSA
GHSA-qc38-w33g-cp7m: IBM QRadar Suite Software 12024-04-03
CVE-2024-28782 (MEDIUM CVSS 6.5) | IBM QRadar Suite Software 1.10.12.0 | cvebase.io