Security Qradar Edr

security_qradar_edr

Vendor: Ibm • 14 CVEs

CVEs (14)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2025-36376 1Ibm 1Security Qradar Edr Feb 20, 2026 Feb 17, 2026 N/A· v4 8.8 HIGH· v3 N/A· v2 IBM Security QRadar EDR 3.12 through 3.12.23 does not invalidate session after a session expiration which could allow an authenticated user to impersonate another user on the system.
CVE-2024-45641 1Ibm 1Security Qradar Edr Jul 15, 2025 May 20, 2025 N/A· v4 6.5 MEDIUM· v3 N/A· v2 IBM Security ReaQta EDR 3.12 could allow an attacker to perform unauthorized actions due to improper SSL certificate validation.
CVE-2023-33861 1Ibm 1Security Qradar Edr Jul 15, 2025 May 20, 2025 N/A· v4 6.5 MEDIUM· v3 N/A· v2 IBM Security ReaQta EDR 3.12 could allow an attacker to spoof a trusted entity by interfering with the communication path between the host and client.
CVE-2024-45644 1Ibm 1Security Qradar Edr Jul 15, 2025 Mar 19, 2025 N/A· v4 4.7 MEDIUM· v3 N/A· v2 IBM Security ReaQta 3.12 allows a privileged user to upload or transfer files of dangerous types that can be automatically processed within the product's environment.
CVE-2024-45643 1Ibm 1Security Qradar Edr Jul 16, 2025 Mar 14, 2025 N/A· v4 7.5 HIGH· v3 N/A· v2 IBM Security QRadar 3.12 EDR uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt sensitive credential information.
CVE-2024-45638 1Ibm 1Security Qradar Edr Jul 16, 2025 Mar 14, 2025 N/A· v4 4.4 MEDIUM· v3 N/A· v2 IBM Security QRadar 3.12 EDR stores user credentials in plain text which can be read by a local privileged user.
CVE-2024-45654 1Ibm 1Security Qradar Edr Jul 16, 2025 Jan 19, 2025 N/A· v4 4.3 MEDIUM· v3 N/A· v2 IBM Security ReaQta 3.12 could allow an authenticated user to perform unauthorized actions due to reliance on untrusted inputs.
CVE-2024-45640 1Ibm 1Security Qradar Edr Jul 15, 2025 Jan 7, 2025 N/A· v4 5.3 MEDIUM· v3 N/A· v2 IBM Security ReaQta 3.12 returns sensitive information in an HTTP response that could be used in further attacks against the system.
CVE-2024-45100 1Ibm 1Security Qradar Edr Jul 16, 2025 Jan 7, 2025 N/A· v4 4.9 MEDIUM· v3 N/A· v2 IBM Security ReaQta 3.12 could allow a privileged user to cause a denial of service by sending multiple administration requests due to improper allocation of resources.
CVE-2024-45642 1Ibm 1Security Qradar Edr Nov 16, 2024 Nov 14, 2024 N/A· v4 5.3 MEDIUM· v3 N/A· v2 IBM Security ReaQta 3.12 is vulnerable to cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to...Show more IBM Security ReaQta 3.12 is vulnerable to cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.Show less
CVE-2024-45099 1Ibm 1Security Qradar Edr Nov 16, 2024 Nov 14, 2024 N/A· v4 4.8 MEDIUM· v3 N/A· v2 IBM Security ReaQta 3.12 is vulnerable to cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to...Show more IBM Security ReaQta 3.12 is vulnerable to cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.Show less
CVE-2023-35006 1Ibm 1Security Qradar Edr Sep 15, 2025 Jul 10, 2024 N/A· v4 5.4 MEDIUM· v3 N/A· v2 IBM Security QRadar EDR 3.12 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hostin...Show more IBM Security QRadar EDR 3.12 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site.Show less
CVE-2023-33860 1Ibm 1Security Qradar Edr May 19, 2025 Jul 10, 2024 N/A· v4 5.3 MEDIUM· v3 N/A· v2 IBM Security QRadar EDR 3.12 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a...Show more IBM Security QRadar EDR 3.12 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic.Show less
CVE-2023-33859 1Ibm 1Security Qradar Edr Nov 21, 2024 Jul 10, 2024 N/A· v4 5.3 MEDIUM· v3 N/A· v2 IBM Security QRadar EDR 3.12 could disclose sensitive information due to an observable login response discrepancy. IBM X-Force ID: 257697.