5.5
CVE-2024-25024
- EPSS 0.12%
- Veröffentlicht 15.08.2024 03:15:04
- Zuletzt bearbeitet 13.03.2025 20:15:17
- Quelle psirt@us.ibm.com
- CVE-Watchlists
- Unerledigt
IBM QRadar Suite Software information disclosure
IBM QRadar Suite Software 1.10.12.0 through 1.10.23.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 281430.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Ibm ≫ Cloud Pak For Security Version >= 1.10.0.0 <= 1.10.11.0
Ibm ≫ Qradar Suite Version >= 1.10.12.0 < 1.10.24.0
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.12% | 0.021 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.5 | 1.8 | 3.6 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
|
| psirt@us.ibm.com | 5.5 | 1.8 | 3.6 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
|
CWE-256 Plaintext Storage of a Password
The product stores a password in plaintext within resources such as memory or files.
CWE-312 Cleartext Storage of Sensitive Information
The product stores sensitive information in cleartext within a resource that might be accessible to another control sphere.
https://www.ibm.com/support/pages/node/7165488
https://exchange.xforce.ibmcloud.com/vulnerabilities/281430