Description
IBM Security QRadar EDR 3.12 through 3.12.24 stores user credentials in plain text which can be read by a local privileged user.
Published: 2026-06-11
Score: 4.1 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

IBM Security QRadar EDR versions 3.12 through 3.12.24 store user credentials in plain text, allowing any local privileged user to read these credentials. The flaw is a classic plaintext storage weakness identified as CWE-256 and CWE-522. This weakness does not provide remote access or code execution; it simply permits disclosure of authentication information within the scope of the local privileged user.

Affected Systems

Affected products are IBM Security QRadar EDR 3.12, 3.12.1 to 3.12.24. The product fix that addresses the issue is version 3.12.25; any earlier releases can be upgraded to this patched version.

Risk and Exploitability

The CVSS score of 4.1 indicates a moderate severity. The EPSS score of <1% indicates a very low probability of exploitation in the wild. The vulnerability is not listed in the CISA KEV catalog, suggesting it is not actively exploited. Attackers would need local privileged access to the system to read the plaintext credentials, so the primary risk is confidentiality loss to users who have such access. Overall the vulnerability is low to moderate risk in typical environments with strict local privilege controls.

Generated by OpenCVE AI on June 18, 2026 at 01:51 UTC.

Remediation

Vendor Solution

IBM encourages customers to update their systems promptly.

Product: IBM Security QRadar EDR
Fix version: 3.12.25

The IBM Security QRadar EDR operator can be upgraded automatically when new compatible versions are available. However, you can control whether an operator is upgraded automatically by setting an approval strategy. Two approval strategies are available:

  • Automatic (default) - New operator versions are installed automatically when they are available on the subscription channel.
  • Manual - When a new operator version is available on the subscription channel, the subscription indicates that an update is available, but you must approve the update manually.

For more information about the manual installation process, view Installing QRadar EDR: https://www.ibm.com/docs/en/security-qradar-edr/3.12


OpenCVE Recommended Actions

  • Update IBM Security QRadar EDR to version 3.12.25 or later and enable automatic operator upgrades when available.
  • Restrict local privileged account usage and enforce the principle of least privilege to limit who can access credentials.
  • Configure QRadar to use encrypted credential storage if the product supports it, and routinely audit credential access logs for unauthorized read activity.

Generated by OpenCVE AI on June 18, 2026 at 01:51 UTC.

Advisories

No advisories yet.

History

Tue, 16 Jun 2026 16:30:00 +0000

Type | Values Removed | Values Added
Weaknesses | | CWE-522
CPEs | | cpe:2.3:a:ibm:security_qradar_edr:*:*:*:*:*:*:*:*

Thu, 11 Jun 2026 16:30:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 11 Jun 2026 15:30:00 +0000

Type | Values Removed | Values Added
Description | | IBM Security QRadar EDR 3.12 through 3.12.24 stores user credentials in plain text which can be read by a local privileged user.
Title | | IBM Security QRadar EDR Software has a vulnerability where user credentials may be stored in plain text, potentially exposing sensitive information.
First Time appeared | | Ibm; Ibm security Qradar Edr
Weaknesses | | CWE-256
CPEs | | cpe:2.3:a:ibm:security_qradar_edr:3.12.0:*:*:*:*:*:*:*; cpe:2.3:a:ibm:security_qradar_edr:3.12.24:*:*:*:*:*:*:*; cpe:2.3:a:ibm:security_qradar_edr:3.12:*:*:*:*:*:*:*
Vendors & Products | | Ibm; Ibm security Qradar Edr
References | |
Metrics | | cvssV3_1 {'score': 4.1, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N'}


MITRE

Status: PUBLISHED

Assigner: ibm

Published:

Updated: 2026-06-11T15:41:51.536Z

Reserved: 2024-09-03T13:49:55.577Z

Link: CVE-2024-45636

Vulnrichment

Updated: 2026-06-11T15:41:46.369Z

NVD

Status: Analyzed

Published: 2026-06-11T16:16:21.357

Modified: 2026-06-16T16:26:21.547

Link: CVE-2024-45636

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-18T02:00:05Z

Weaknesses
  • CWE-256

    Plaintext Storage of a Password

  • CWE-522

    Insufficiently Protected Credentials