CVE-2024-45642 — Permissive Cross-domain Security Policy with Untrusted Domains in IBM Security Qradar EDR

CWE-942 — Permissive Cross-domain Security Policy with Untrusted Domains3 documents3 sources

Severity

5.3MEDIUMNVD

EPSS

0.1%

top 77.25%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Security Qradar EDR IBM Security Reaqta

Timeline

PublishedNov 14

Description

IBM Security ReaQta 3.12 is vulnerable to cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages2 packages

▶CVEListV5ibm/security_reaqta3.12

▶NVDibm/security_qradar_edr3.12 — 3.12.12

🔴Vulnerability Details

CVEList

IBM Security ReaQta information disclosure↗2024-11-14

▶

GHSA

GHSA-6j5p-p5gv-2c73: IBM Security ReaQta 3↗2024-11-14

▶