Ibm: >> Security Qradar Edr >> 3.12.3 Security Vulnerabilities
IBM Security QRadar EDR 3.12 through 3.12.23 does not invalidate session after a session expiration which could allow an authenticated user to impersonate another user on the system.
CVSS Score
6.3
EPSS Score
0.001
Published
2026-02-17
IBM Security ReaQta EDR 3.12 could allow an attacker to perform unauthorized actions due to improper SSL certificate validation.
CVSS Score
6.5
EPSS Score
0.001
Published
2025-05-20
IBM Security ReaQta EDR 3.12 could allow an attacker to spoof a trusted entity by interfering with the communication path between the host and client.
CVSS Score
6.5
EPSS Score
0.002
Published
2025-05-20
IBM Security QRadar 3.12 EDR stores user credentials in plain text which can be read by a local privileged user.
CVSS Score
4.1
EPSS Score
0.0
Published
2025-03-14
IBM Security QRadar 3.12 EDR uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt sensitive credential information.
CVSS Score
5.9
EPSS Score
0.0
Published
2025-03-14
IBM Security ReaQta 3.12 could allow an authenticated user to perform unauthorized actions due to reliance on untrusted inputs.
CVSS Score
4.3
EPSS Score
0.001
Published
2025-01-19
IBM Security ReaQta 3.12 could allow a privileged user to cause a denial of service by sending multiple administration requests due to improper allocation of resources.
CVSS Score
4.9
EPSS Score
0.001
Published
2025-01-07
IBM Security ReaQta 3.12 returns sensitive information in an HTTP response that could be used in further attacks against the system.
CVSS Score
5.3
EPSS Score
0.001
Published
2025-01-07
IBM Security ReaQta 3.12 is vulnerable to cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVSS Score
5.3
EPSS Score
0.001
Published
2024-11-14
IBM Security ReaQta 3.12 is vulnerable to cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVSS Score
3.1
EPSS Score
0.001
Published
2024-11-14
Page 1