Lucene search

IbmCVE-2024-25024

HistoryAug 15, 2024 - 3:15 a.m.

CVE-2024-25024

2024-08-1503:15:04

CWE-312

ibm

web.nvd.nist.gov

ibm

qradar

cloud pak

user credentials

plain text

security vulnerability

CVSS3

6.2

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

Confidence

High

EPSS

Percentile

9.5%

JSON

IBM QRadar Suite Software 1.10.12.0 through 1.10.23.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 281430.

Affected configurations

Nvd

Vulners

Node

ibmcloud_pak_for_securityRange1.10.0.0–1.10.11.0

ibmqradar_suiteRange1.10.12.0–1.10.24.0

VendorProductVersionCPE
ibmcloud_pak_for_security*cpe:2.3:a:ibm:cloud_pak_for_security:*:*:*:*:*:*:*:*
ibmqradar_suite*cpe:2.3:a:ibm:qradar_suite:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ibm	cloud_pak_for_security	*	cpe:2.3:a:ibm:cloud_pak_for_security::::::::
ibm	qradar_suite	*	cpe:2.3:a:ibm:qradar_suite::::::::

CNA Affected

[
  {
    "cpes": [
      "cpe:2.3:a:ibm:qradar_suite:1.10.12.0:*:*:*:*:*:*:*",
      "cpe:2.3:a:ibm:qradar_suite:1.10.23.0:*:*:*:*:*:*:*",
      "cpe:2.3:a:ibm:cloud_pak_for_security:1.10.0.0:*:*:*:*:*:*:*",
      "cpe:2.3:a:ibm:cloud_pak_for_security:1.10.11.0:*:*:*:*:*:*:*"
    ],
    "defaultStatus": "unaffected",
    "product": "QRadar Suite Software",
    "vendor": "IBM",
    "versions": [
      {
        "lessThanOrEqual": "1.10.23.0",
        "status": "affected",
        "version": "1.10.12.0",
        "versionType": "semver"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "Cloud Pak for Security",
    "vendor": "IBM",
    "versions": [
      {
        "lessThanOrEqual": "1.10.11.0",
        "status": "affected",
        "version": "1.10.0.0",
        "versionType": "semver"
      }
    ]
  }
]

References

exchange.xforce.ibmcloud.com/vulnerabilities/281430

www.ibm.com/support/pages/node/7165488

CVSS3

6.2

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

Confidence

High

EPSS

Percentile

9.5%

JSON

Related for CVE-2024-25024