CVE-2024-45100

IBM Security ReaQta 3.12 could allow a privileged user to cause a denial of service by sending multiple administration requests due to improper allocation of resources.

CVE-2023-35006

IBM Security QRadar EDR 3.12 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site.

CVE-2024-45640

IBM Security ReaQta 3.12 returns sensitive information in an HTTP response that could be used in further attacks against the system.

CVE-2023-33860

IBM Security QRadar EDR 3.12 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the att...

CVE-2024-45638

IBM Security QRadar 3.12 EDR stores user credentials in plain text which can be read by a local privileged user.

CVE-2024-45644

IBM Security ReaQta 3.12 allows a privileged user to upload or transfer files of dangerous types that can be automatically processed within the product's environment.

CVE-2023-33859

IBM Security QRadar EDR 3.12 could disclose sensitive information due to an observable login response discrepancy. IBM X-Force ID: 257697.

CVE-2024-45643

IBM Security QRadar 3.12 EDR uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt sensitive credential information.