CVE-2024-25024

Published: Aug 15, 2024Modified: Mar 13, 2025

5.5

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Exploitability: 1.8 / Impact: 3.6

Source: NVD (Secondary)

Description

IBM QRadar Suite Software 1.10.12.0 through 1.10.23.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 281430.

Affected (2)

Products: Ibm: Cloud Pak For Security, Qradar Suite

Ibm

2 products

Cloud Pak For Security

Qradar Suite

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Ibm Cloud Pak For Security	From 1.10.0.0 to 1.10.11.0
Ibm Qradar Suite	From 1.10.12.0 to 1.10.24.0

Related CWEs

CWE-256

Plaintext Storage of a Password

Storing a password in plaintext may result in a system compromise.

CWE-312

Cleartext Storage of Sensitive Information

The product stores sensitive information in cleartext within a resource that might be accessible to another control sphere.

References (2)

https://exchange.xforce.ibmcloud.com/vulnerabilities/281430

Source: psirt@us.ibm.com

VDB Entry

https://www.ibm.com/support/pages/node/7165488

Source: psirt@us.ibm.com

Vendor Advisory

Timeline

No history available yet.