User Credentials Exposure in IBM QRadar Suite and Cloud Pak for Security
CVE-2024-28782

6.3MEDIUM

Key Information:

Vendor: IBM
Status: Qradar Suite Software; Cloud Pak For Security
Vendor: CVE Published:; 3 April 2024

What is CVE-2024-28782?

A vulnerability within the IBM QRadar Suite Software and IBM Cloud Pak for Security has been identified, where user credentials are stored in plain text. This security flaw allows authenticated users to access sensitive information regarding other users' credentials, potentially leading to unauthorized access and data breaches. It is essential for users and administrators to take immediate actions to mitigate this risk by updating to secure versions and implementing best practices for credential storage.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Cloud Pak for Security 1.10.0.0 <= 1.10.11.0

QRadar Suite Software 1.10.12.0 <= 1.10.18.0

References

https://www.ibm.com/support/pages/node/7145683

vendor-advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/285698

vdb-entry

CVSS V3.1

Score:

6.3

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Apr 3, 2024

JSON

IBM

What is CVE-2024-28782?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.