CVE Catalog

CVE-2024-45636

MediumCVSS 4.1
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.12%

2th percentile — higher than 2% of all known CVEs

Summary

IBM Security QRadar EDR versions 3.12 through 3.12.24 store user credentials in plain text, which can be read by a local privileged user.

Risk Assessment

Storing passwords in plain text poses a risk of unauthorized access to the system by local privileged users, potentially leading to serious security breaches.

Recommendation

It is recommended to upgrade to the latest version of IBM Security QRadar EDR that improves the way credentials are stored.

Original NVD description (English source)

IBM Security QRadar EDR 3.12 through 3.12.24 stores user credentials in plain text which can be read by a local privileged user.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS