CVE-2024-25024

Name of the Vulnerable Software and Affected Versions IBM QRadar Suite Software versions 1.10.12.0 through 1.10.23.0 IBM Cloud Pak for Security versions 1.10.0.0 through 1.10.11.0

Description The issue is related to the storage of user credentials in plain clear text, which can be read by a local user. This can allow an attacker to gain unauthorized access to protected information. The vulnerability is associated with the unencrypted storage of credentials in IBM QRadar Suite and IBM Cloud Pak for Security.

Recommendations For IBM QRadar Suite Software versions 1.10.12.0 through 1.10.23.0, update to a version that stores user credentials securely. For IBM Cloud Pak for Security versions 1.10.0.0 through 1.10.11.0, update to a version that stores user credentials securely. As a temporary workaround, consider restricting access to sensitive information and limiting user privileges to minimize the risk of exploitation.