Impact
IBM Security QRadar EDR versions 3.12 through 3.12.24 store user credentials in plain text, allowing any local privileged user to read these credentials. The flaw is a classic plaintext storage weakness identified as CWE-256 and CWE-522. This weakness does not provide remote access or code execution; it simply permits disclosure of authentication information within the scope of the local privileged user.
Affected Systems
Affected versions are IBM Security QRadar EDR 3.12 and 3.12.1 through 3.12.24. The issue is fixed in version 3.12.25; any earlier release can be upgraded to this patched version.
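The version range above can be checked against an asset inventory. This is an added example, not code from IBM or from this advisory. The CSV column names and host names are constructed, and a bare "3.12" is assumed to mean 3.12.0.

```python
import csv
import io
import re

AFFECTED_MIN = (3, 12, 0)   # "3.12" in the advisory, assumed to mean 3.12.0
FIXED = (3, 12, 25)         # first fixed release named in the advisory

def parse_version(text):
    """Return (major, minor, patch), or None if text is not a 2- or 3-part version."""
    m = re.fullmatch(r"\s*v?(\d+)\.(\d+)(?:\.(\d+))?\s*", text or "")
    if not m:
        return None
    return (int(m.group(1)), int(m.group(2)), int(m.group(3) or 0))

def classify(version_text):
    """Map a reported QRadar EDR version string to a triage status."""
    v = parse_version(version_text)
    if v is None:
        return "unknown"        # unparseable: needs manual review
    if v >= FIXED:
        return "fixed"
    if v >= AFFECTED_MIN:
        return "affected"       # 3.12 through 3.12.24
    return "not-listed"         # older than 3.12: outside the listed range

# Constructed sample inventory (hypothetical hosts and column names).
SAMPLE_INVENTORY = """host,qradar_edr_version
edr-app-01,3.12
edr-app-02,3.12.24
edr-app-03,3.12.25
edr-app-04,3.11.7
edr-app-05,unknown-build
"""

def triage(inventory_csv):
    """Group hosts by triage status."""
    result = {}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        status = classify(row.get("qradar_edr_version"))
        result.setdefault(status, []).append(row["host"])
    return result

if __name__ == "__main__":
    for status, hosts in sorted(triage(SAMPLE_INVENTORY).items()):
        print(f"{status}: {', '.join(hosts)}")
```

Hosts reported as "unknown" or "not-listed" are not cleared by this check and should be reviewed by hand.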
Risk and Exploitability
The CVSS score of 4.1 indicates moderate severity. The EPSS score of <1% indicates a very low probability of exploitation in the wild. The vulnerability is not listed in the CISA KEV catalog, suggesting it is not actively exploited. An attacker would need local privileged access to the system to read the plaintext credentials, so the primary risk is loss of credential confidentiality to users who have such access. Overall, the vulnerability is low to moderate risk in typical environments with strict local privilege controls.
OpenCVE Enrichment