IBM Security QRadar EDR
9 CVEs affecting IBM Security QRadar EDR. Latest disclosed: 2026-06-11. Critical: 0, High: 0.

| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2025-36377 | Medium | 6.3 | 2026-02-17 | IBM Security QRadar EDR 3.12 through 3.12.23 does not invalidate session after a session expiration which could allow an authenticated user to impersonate anot… |
| CVE-2025-36376 | Medium | 6.3 | 2026-02-17 | IBM Security QRadar EDR 3.12 through 3.12.23 does not invalidate session after a session expiration which could allow an authenticated user to impersonate anot… |
| CVE-2025-36379 | Medium | 5.9 | 2026-02-17 | IBM Security QRadar EDR 3.12 through 3.12.23 IBM Security ReaQta uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt hig… |
| CVE-2023-35006 | Medium | 5.4 | 2024-07-10 | IBM Security QRadar EDR 3.12 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the v… |
| CVE-2024-45640 | Medium | 5.3 | 2025-01-07 | IBM Security ReaQta 3.12 returns sensitive information in an HTTP response that could be used in further attacks against the system. |
| CVE-2023-33860 | Medium | 5.3 | 2024-07-10 | IBM Security QRadar EDR 3.12 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by se… |
| CVE-2023-33859 | Medium | 5.3 | 2024-07-10 | IBM Security QRadar EDR 3.12 could disclose sensitive information due to an observable login response discrepancy. IBM X-Force ID: 257697. |
| CVE-2024-45100 | Medium | 4.9 | 2025-01-07 | IBM Security ReaQta 3.12 could allow a privileged user to cause a denial of service by sending multiple administration requests due to improper allocation of r… |
| CVE-2024-45636 | Medium | 4.1 | 2026-06-11 | IBM Security QRadar EDR 3.12 through 3.12.24 stores user credentials in plain text which can be read by a local privileged user. |