CVE-2024-45636
Received Received - Intake
Plaintext Credential Storage in IBM Security QRadar EDR

Publication date: 2026-06-11

Last updated on: 2026-06-11

Assigner: IBM Corporation

Description
IBM Security QRadar EDR 3.12 through 3.12.24 stores user credentials in plain text which can be read by a local privileged user.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-06-11
Last Modified
2026-06-11
Generated
2026-06-11
AI Q&A
2026-06-11
EPSS Evaluated
N/A
NVD
CVE-2024-45636
EUVD
EUVD-2024-55619
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
ibm security_qradar_edr From 3.12 (inc) to 3.12.24 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-256 The product stores a password in plaintext within resources such as memory or files.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

IBM Security QRadar EDR versions 3.12 through 3.12.24 have a vulnerability where user credentials are stored in plain text.

This means that a local user with privileged access can read these credentials directly, potentially exposing sensitive information.

Impact Analysis

The vulnerability allows a local privileged user to access sensitive credential information stored in plain text.

This can lead to unauthorized access to accounts or systems if those credentials are misused.

The confidentiality impact is high, meaning sensitive data could be compromised, although the attack complexity is low and requires local privileged access.

Detection Guidance

This vulnerability involves user credentials being stored in plain text on IBM Security QRadar EDR versions 3.12 through 3.12.24, accessible by a local privileged user.

Detection would require checking the installed version of IBM Security QRadar EDR to see if it falls within the vulnerable range (3.12 to 3.12.24).

Since the vulnerability is local and related to stored credentials, network-based detection commands are not applicable.

Suggested command to check the installed version might be specific to the system environment, for example:

  • On the QRadar system, use a command or interface to query the software version, such as `rpm -qa | grep qradar` or checking the application version via the QRadar console.

If the version is within the vulnerable range, the system is affected.

Mitigation Strategies

IBM recommends updating IBM Security QRadar EDR to version 3.12.25, where this vulnerability has been addressed.

The fix can be applied automatically or manually depending on the operator's approval strategy.

No workarounds are currently available, so applying the update is the primary mitigation step.

Compliance Impact

The vulnerability in IBM Security QRadar EDR versions 3.12 through 3.12.24 involves storing user credentials in plain text, which can be accessed by a local privileged user. This exposure of sensitive credential information could potentially impact compliance with standards and regulations such as GDPR and HIPAA, which require protection of sensitive data and user credentials to maintain confidentiality and prevent unauthorized access.

However, the provided information does not explicitly discuss the direct effects on compliance with these regulations or any specific compliance implications.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2024-45636. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart