CVE-2024-28782

MEDIUM

IBM QRadar Suite Software <1.10.18.0 - Info Disclosure

Title source: llm

Description

IBM QRadar Suite Software 1.10.12.0 through 1.10.18.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 stores user credentials in plain clear text which can be read by an authenticated user. IBM X-Force ID: 285698.

References (2)

[Vendor Advisory] https://www.ibm.com/support/pages/node/7145683

[Vendor Advisory] https://exchange.xforce.ibmcloud.com/vulnerabilities/285698

Scores

CVSS v3 6.3

EPSS 0.0005

EPSS Percentile 16.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-256

Status published

Products (2)

ibm/cloud_pak_for_security 1.10.0.0 - 1.10.11.0

ibm/qradar_suite 1.10.12.0 - 1.10.18.0

Published Apr 03, 2024

Tracked Since Feb 18, 2026