Skip to main content

Security Qradar Edr CVE-2024-45099

MEDIUM
Cross-site Scripting (XSS) (CWE-79)
2024-11-14 psirt@us.ibm.com
4.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
4.8 MEDIUM
AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
High
User Interaction
Required
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
None

Lifecycle Timeline

1
CVE Published
Nov 14, 2024 - 12:15 nvd
MEDIUM 4.8

DescriptionNVD

IBM Security ReaQta 3.12 is vulnerable to cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

AnalysisAI

IBM Security ReaQta 3.12 is vulnerable to cross-site scripting. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Cross-Site Scripting (XSS) (CWE-79), which allows attackers to inject malicious scripts into web pages viewed by other users. IBM Security ReaQta 3.12 is vulnerable to cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. Affected products include: Ibm Security Qradar Edr.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Sanitize all user input, use Content-Security-Policy headers, encode output contextually (HTML, JS, URL). Use frameworks with built-in XSS protection.

CVE-2023-33861 MEDIUM
6.5 May 20

IBM Security ReaQta EDR 3.12 could allow an attacker to spoof a trusted entity by interfering with the communication pat

CVE-2024-45641 MEDIUM
6.5 May 20

IBM Security ReaQta EDR 3.12 could allow an attacker to perform unauthorized actions due to improper SSL certificate val

CVE-2025-36376 MEDIUM
6.3 Feb 17

Security Qradar Edr versions up to 3.12.23 is affected by insufficient session expiration (CVSS 6.3).

CVE-2024-45643 MEDIUM
5.9 Mar 14

IBM Security QRadar 3.12 EDR uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt

CVE-2024-45642 MEDIUM
5.3 Nov 14

IBM Security ReaQta 3.12 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.3), this vulnerability is

CVE-2024-45644 MEDIUM
4.7 Mar 19

IBM Security ReaQta 3.12 allows a privileged user to upload or transfer files of dangerous types that can be automatical

CVE-2024-45636 MEDIUM
4.4 Jun 11

IBM Security QRadar EDR 3.12 through 3.12.24 stores user credentials in plain text which can be read by a local privileg

CVE-2024-45638 MEDIUM
4.1 Mar 14

IBM Security QRadar 3.12 EDR stores user credentials in plain text which can be read by a local privileged user. Rated m

CVE-2024-45654 MEDIUM
4.3 Jan 19

IBM Security ReaQta 3.12 could allow an authenticated user to perform unauthorized actions due to reliance on untrusted

CVE-2024-45640 MEDIUM
5.3 Jan 07

IBM Security ReaQta 3.12 returns sensitive information in an HTTP response that could be used in further attacks against

CVE-2024-45100 MEDIUM
4.9 Jan 07

IBM Security ReaQta 3.12 could allow a privileged user to cause a denial of service by sending multiple administration r

Share

CVE-2024-45099 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy