CVE-2024-45643
Published: 14 March 2025
Description
Adversaries may exploit software vulnerabilities in an attempt to collect credentials.
Security Summary
IBM Security QRadar 3.12 EDR is affected by CVE-2024-45643, a vulnerability stemming from the use of weaker-than-expected cryptographic algorithms. This issue, classified under CWE-327 (Broken or Risky Cryptographic Algorithm), enables an attacker to decrypt sensitive credential information stored or transmitted by the product. The vulnerability received a CVSS v3.1 base score of 5.9 (AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N), indicating medium severity with high confidentiality impact but no integrity or availability effects.
A remote attacker can exploit this over the network without privileges or user interaction, though the attack complexity is high. Successful exploitation allows the attacker to decrypt sensitive credential information, potentially exposing authentication data or other secrets used within QRadar 3.12 EDR environments.
IBM has published a security advisory with details on mitigation at https://www.ibm.com/support/pages/node/7185938. Security practitioners should consult this bulletin for patch availability, workaround guidance, and affected version specifics.
Details
- CWE(s)
Affected Products
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The vulnerability allows remote exploitation of weak cryptography to decrypt and obtain sensitive credentials, directly mapping to Exploitation for Credential Access.