IBM Security QRadar EDR 3.12

CPE Details

IBM Security QRadar EDR 3.12
ibm
security_qradar_edr
3.12
2025-04-03
16h56 +00:00
2025-04-03
16h56 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:ibm:security_qradar_edr:3.12:*:*:*:*:*:*:*

Informations

Vendor

ibm

Product

security_qradar_edr

Version

3.12

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2024-45642 2024-11-14 12h04 +00:00 IBM Security ReaQta 3.12 is vulnerable to cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
5.3
Medium
CVE-2024-45099 2024-11-14 12h02 +00:00 IBM Security ReaQta 3.12 is vulnerable to cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
4.8
Medium
CVE-2023-33860 2024-07-10 15h28 +00:00 IBM Security QRadar EDR 3.12 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 257702.
5.3
Medium
CVE-2023-33859 2024-07-10 15h26 +00:00 IBM Security QRadar EDR 3.12 could disclose sensitive information due to an observable login response discrepancy. IBM X-Force ID: 257697.
5.3
Medium
CVE-2023-35006 2024-07-10 15h23 +00:00 IBM Security QRadar EDR 3.12 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 297165.
5.4
Medium
The information presented on CVE Find originates from several carefully selected reference sources. CVE data is provided by MITRE Corporation and the National Vulnerability Database (NVD). The Known Exploited Vulnerabilities (KEV) catalog is sourced from the Cybersecurity and Infrastructure Security Agency (CISA), while EPSS scores come from FIRST.org. Additionally, data regarding software weaknesses (CWE) and common attack patterns (CAPEC) is maintained by MITRE Corporation, and information on hardware and software configurations (CPE) is provided by the NVD.