CVE-2024-45636

IBM Security QRadar EDR Software has a vulnerability where user credentials may be stored in plain text, potentially exposing sensitive information.

Assigner: ibm
Reserved: 03.09.2024 Published: 11.06.2026 Updated: 11.06.2026

IBM Security QRadar EDR 3.12 through 3.12.24 stores user credentials in plain text which can be read by a local privileged user.

Metrics

CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N
CVSS Score: 4.1

Attack Vector	Local	Scope	Unchanged
Attack Complexity	High	Confidentiality Impact	High
Privileges Required	High	Integrity Impact	None
User Interaction	None	Availability Impact	None

CVSS 3.1

Product Status

Vendor	IBM
Product	Security QRadar EDR
Versions	affected from 3.12.0 to 3.12.24 (incl.)

Vendor

IBM

Product

Security QRadar EDR

Versions

affected from 3.12.0 to 3.12.24 (incl.)

Solutions

IBM encourages customers to update their systems promptly.

ProductFix versionIBM Security QRadar EDR3.12.25

The IBM Security QRadar EDR operator can be upgraded automatically when new compatible versions are available. However, you can control whether an operator is upgraded automatically by setting an approval strategy.

Two approval strategies are available:

Automatic (default) - New operator versions are installed automatically when they are available on the subscription channel.
Manual - When a new operator version is available on the subscription channel, the subscription indicates that an update is available, but you must approve the update manually.

For more information about the manual installation process, view Installing QRadar EDR https://www.ibm.com/docs/en/security-qradar-edr/3.12

References

Problem Types