PT-2026-20251 · Ibm · Ibm Security Qradar Edr
Published
2026-02-17
·
Updated
2026-02-18
·
CVE-2025-36377
CVSS v3.1
8.8
High
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
IBM Security QRadar EDR versions 3.12 through 3.12.23
Description
IBM Security QRadar EDR does not invalidate sessions after they expire. This could allow an authenticated user to impersonate another user on the system.
Recommendations
Update IBM Security QRadar EDR to a version later than 3.12.23.
Fix
Insufficient Session Expiration
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Ibm Security Qradar Edr