CVE-2024-45636 (GCVE-0-2024-45636)
Vulnerability from cvelistv5 – Published: 2026-06-11 15:10 – Updated: 2026-06-11 15:41
VLAI
Title
IBM Security QRadar EDR Software has a vulnerability where user credentials may be stored in plain text, potentially exposing sensitive information.
Summary
IBM Security QRadar EDR 3.12 through 3.12.24 stores user credentials in plain text which can be read by a local privileged user.
Severity
4.1 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-256 - Plaintext Storage of a Password
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.ibm.com/support/pages/node/7274828 | vendor-advisorypatch |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| IBM | Security QRadar EDR |
Affected:
3.12.0 , ≤ 3.12.24
(semver)
cpe:2.3:a:ibm:security_qradar_edr:3.12:*:*:*:*:*:*:* cpe:2.3:a:ibm:security_qradar_edr:3.12.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:security_qradar_edr:3.12.24:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-45636",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-11T15:41:43.602422Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-11T15:41:51.536Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:security_qradar_edr:3.12:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:security_qradar_edr:3.12.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:security_qradar_edr:3.12.24:*:*:*:*:*:*:*"
],
"product": "Security QRadar EDR",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "3.12.24",
"status": "affected",
"version": "3.12.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIBM Security QRadar EDR 3.12 through 3.12.24 stores user credentials in plain text which can be read by a local privileged user.\u003c/p\u003e"
}
],
"value": "IBM Security QRadar EDR 3.12 through 3.12.24 stores user credentials in plain text which can be read by a local privileged user."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-256",
"description": "CWE-256 Plaintext Storage of a Password",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-11T15:10:38.269Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7274828"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIBM encourages customers to update their systems promptly.\u003c/p\u003e\u003cdiv\u003e\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003eProduct\u003c/td\u003e\u003ctd\u003eFix version\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eIBM Security QRadar EDR\u003c/td\u003e\u003ctd\u003e3.12.25\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003c/div\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003eThe IBM Security QRadar EDR operator can be upgraded automatically when new compatible versions are available. However, you can control whether an operator is upgraded automatically by setting an approval strategy.\u003c/p\u003e\u003cdiv\u003e\u003cp\u003eTwo approval strategies are available:\u003c/p\u003e\u003cul\u003e\u003cli\u003eAutomatic (default) - New operator versions are installed automatically when they are available on the subscription channel.\u003c/li\u003e\u003cli\u003eManual - When a new operator version is available on the subscription channel, the subscription indicates that an update is available, but you must approve the update manually.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eFor more information about the manual installation process, view\u0026nbsp;\u003ca href=\"https://www.ibm.com/docs/en/security-qradar-edr/3.12?topic=overview-whats-new-changed\" rel=\"noopener noreferrer nofollow\"\u003eInstalling QRadar EDR\u003c/a\u003e\u003c/p\u003e\u003c/div\u003e"
}
],
"value": "IBM encourages customers to update their systems promptly.\n\nProductFix versionIBM Security QRadar EDR3.12.25\n\n\n\n\n\n\n\nThe IBM Security QRadar EDR operator can be upgraded automatically when new compatible versions are available. However, you can control whether an operator is upgraded automatically by setting an approval strategy.\n\n\n\nTwo approval strategies are available:\n\n * Automatic (default) - New operator versions are installed automatically when they are available on the subscription channel.\n * Manual - When a new operator version is available on the subscription channel, the subscription indicates that an update is available, but you must approve the update manually.\n\n\n\n\nFor more information about the manual installation process, view\u00a0 Installing QRadar EDR https://www.ibm.com/docs/en/security-qradar-edr/3.12"
}
],
"title": "IBM Security QRadar EDR Software has a vulnerability where user credentials may be stored in plain text, potentially exposing sensitive information.",
"x_generator": {
"engine": "ibm-cvegen"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2024-45636",
"datePublished": "2026-06-11T15:10:38.269Z",
"dateReserved": "2024-09-03T13:49:55.577Z",
"dateUpdated": "2026-06-11T15:41:51.536Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2024-45636\",\"sourceIdentifier\":\"psirt@us.ibm.com\",\"published\":\"2026-06-11T16:16:21.357\",\"lastModified\":\"2026-06-11T20:56:29.653\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"IBM Security QRadar EDR 3.12 through 3.12.24 stores user credentials in plain text which can be read by a local privileged user.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"psirt@us.ibm.com\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":4.1,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":0.5,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"psirt@us.ibm.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-256\"}]}],\"references\":[{\"url\":\"https://www.ibm.com/support/pages/node/7274828\",\"source\":\"psirt@us.ibm.com\"}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-45636\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-06-11T15:41:43.602422Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-06-11T15:41:46.369Z\"}}], \"cna\": {\"title\": \"IBM Security QRadar EDR Software has a vulnerability where user credentials may be stored in plain text, potentially exposing sensitive information.\", \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 4.1, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"HIGH\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"HIGH\", \"confidentialityImpact\": \"HIGH\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:ibm:security_qradar_edr:3.12:*:*:*:*:*:*:*\", \"cpe:2.3:a:ibm:security_qradar_edr:3.12.0:*:*:*:*:*:*:*\", \"cpe:2.3:a:ibm:security_qradar_edr:3.12.24:*:*:*:*:*:*:*\"], \"vendor\": \"IBM\", \"product\": \"Security QRadar EDR\", \"versions\": [{\"status\": \"affected\", \"version\": \"3.12.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"3.12.24\"}]}], \"solutions\": [{\"lang\": \"en\", \"value\": \"IBM encourages customers to update their systems promptly.\\n\\nProductFix versionIBM Security QRadar EDR3.12.25\\n\\n\\n\\n\\n\\n\\n\\nThe IBM Security QRadar EDR operator can be upgraded automatically when new compatible versions are available. However, you can control whether an operator is upgraded automatically by setting an approval strategy.\\n\\n\\n\\nTwo approval strategies are available:\\n\\n * Automatic (default) - New operator versions are installed automatically when they are available on the subscription channel.\\n * Manual - When a new operator version is available on the subscription channel, the subscription indicates that an update is available, but you must approve the update manually.\\n\\n\\n\\n\\nFor more information about the manual installation process, view\\u00a0 Installing QRadar EDR https://www.ibm.com/docs/en/security-qradar-edr/3.12\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cp\u003eIBM encourages customers to update their systems promptly.\u003c/p\u003e\u003cdiv\u003e\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003eProduct\u003c/td\u003e\u003ctd\u003eFix version\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eIBM Security QRadar EDR\u003c/td\u003e\u003ctd\u003e3.12.25\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003c/div\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003eThe IBM Security QRadar EDR operator can be upgraded automatically when new compatible versions are available. However, you can control whether an operator is upgraded automatically by setting an approval strategy.\u003c/p\u003e\u003cdiv\u003e\u003cp\u003eTwo approval strategies are available:\u003c/p\u003e\u003cul\u003e\u003cli\u003eAutomatic (default) - New operator versions are installed automatically when they are available on the subscription channel.\u003c/li\u003e\u003cli\u003eManual - When a new operator version is available on the subscription channel, the subscription indicates that an update is available, but you must approve the update manually.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eFor more information about the manual installation process, view\u0026nbsp;\u003ca href=\\\"https://www.ibm.com/docs/en/security-qradar-edr/3.12?topic=overview-whats-new-changed\\\" rel=\\\"noopener noreferrer nofollow\\\"\u003eInstalling QRadar EDR\u003c/a\u003e\u003c/p\u003e\u003c/div\u003e\", \"base64\": false}]}], \"references\": [{\"url\": \"https://www.ibm.com/support/pages/node/7274828\", \"tags\": [\"vendor-advisory\", \"patch\"]}], \"x_generator\": {\"engine\": \"ibm-cvegen\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"IBM Security QRadar EDR 3.12 through 3.12.24 stores user credentials in plain text which can be read by a local privileged user.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cp\u003eIBM Security QRadar EDR 3.12 through 3.12.24 stores user credentials in plain text which can be read by a local privileged user.\u003c/p\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-256\", \"description\": \"CWE-256 Plaintext Storage of a Password\"}]}], \"providerMetadata\": {\"orgId\": \"9a959283-ebb5-44b6-b705-dcc2bbced522\", \"shortName\": \"ibm\", \"dateUpdated\": \"2026-06-11T15:10:38.269Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2024-45636\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-06-11T15:41:51.536Z\", \"dateReserved\": \"2024-09-03T13:49:55.577Z\", \"assignerOrgId\": \"9a959283-ebb5-44b6-b705-dcc2bbced522\", \"datePublished\": \"2026-06-11T15:10:38.269Z\", \"assignerShortName\": \"ibm\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
Loading…
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…