IBM Security Qradar Edr
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in IBM Security Qradar Edr.
By the Year
In 2026 there have been 3 vulnerabilities in IBM Security Qradar Edr with an average score of 6.2 out of ten. Last year, in 2025 Security Qradar Edr had 8 security vulnerabilities published. If vulnerabilities keep coming in at the current rate, it appears that number of security vulnerabilities in Security Qradar Edr in 2026 could surpass last years number. However, the average CVE base score of the vulnerabilities in 2026 is greater by 0.65.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 3 | 6.17 |
| 2025 | 8 | 5.51 |
| 2024 | 5 | 5.22 |
It may take a day or so for new Security Qradar Edr vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent IBM Security Qradar Edr Security Vulnerabilities
IBM QRadar EDR 3.12-3.12.23 auth session expiry bypass -> impersonation
CVE-2025-36376
6.3 - Medium
- February 17, 2026
IBM Security QRadar EDR 3.12 through 3.12.23 does not invalidate session after a session expiration which could allow an authenticated user to impersonate another user on the system.
Insufficient Session Expiration
IBM QRadar EDR 3.12-3.12.23 Session Invalidation Flaw Enables Impersonation
CVE-2025-36377
6.3 - Medium
- February 17, 2026
IBM Security QRadar EDR 3.12 through 3.12.23 does not invalidate session after a session expiration which could allow an authenticated user to impersonate another user on the system.
Insufficient Session Expiration
IBM QRadar EDR 3.12-3.12.23 Weak Crypto May Enable Decryption
CVE-2025-36379
5.9 - Medium
- February 17, 2026
IBM Security QRadar EDR 3.12 through 3.12.23 IBM Security ReaQta uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.
Inadequate Encryption Strength
IBM ReaQta EDR 3.12 Unauthorized Actions via SSL Cert Validation Flaw
CVE-2024-45641
6.5 - Medium
- May 20, 2025
IBM Security ReaQta EDR 3.12 could allow an attacker to perform unauthorized actions due to improper SSL certificate validation.
Improper Certificate Validation
IBM ReaQta EDR 3.12 Spoofing via Host-Client Path Interference
CVE-2023-33861
6.5 - Medium
- May 20, 2025
IBM Security ReaQta EDR 3.12 could allow an attacker to spoof a trusted entity by interfering with the communication path between the host and client.
Improper Certificate Validation
IBM ReaQta 3.12 POV: Privileged Upload/Processing Vulnerability
CVE-2024-45644
4.7 - Medium
- March 19, 2025
IBM Security ReaQta 3.12 allows a privileged user to upload or transfer files of dangerous types that can be automatically processed within the product's environment.
Unrestricted File Upload
QRadar 3.12 EDR Weak Cryptography Allows Credential Decryption
CVE-2024-45643
7.5 - High
- March 14, 2025
IBM Security QRadar 3.12 EDR uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt sensitive credential information.
Use of a Broken or Risky Cryptographic Algorithm
IBM QRadar 3.12 EDR Plain Text Credential Storage Vulnerability
CVE-2024-45638
4.4 - Medium
- March 14, 2025
IBM Security QRadar 3.12 EDR stores user credentials in plain text which can be read by a local privileged user.
Unprotected Storage of Credentials
Authenticated RCE via Untrusted Inputs in IBM Security ReaQta 3.12
CVE-2024-45654
4.3 - Medium
- January 19, 2025
IBM Security ReaQta 3.12 could allow an authenticated user to perform unauthorized actions due to reliance on untrusted inputs.
Reliance on Untrusted Inputs in a Security Decision
IBM Security ReaQta 3.12 Info Disclosure in HTTP Response
CVE-2024-45640
5.3 - Medium
- January 07, 2025
IBM Security ReaQta 3.12 returns sensitive information in an HTTP response that could be used in further attacks against the system.
Exposure of Sensitive System Information to an Unauthorized Control Sphere
IBM Security ReaQta 3.12 Privileged DoS via Admin Requests
CVE-2024-45100
4.9 - Medium
- January 07, 2025
IBM Security ReaQta 3.12 could allow a privileged user to cause a denial of service by sending multiple administration requests due to improper allocation of resources.
Allocation of Resources Without Limits or Throttling
IBM Security ReaQta 3.12 Cross-Site Scripting Vulnerability in Web UI
CVE-2024-45642
5.3 - Medium
- November 14, 2024
IBM Security ReaQta 3.12 is vulnerable to cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
Permissive Cross-domain Policy with Untrusted Domains
IBM Security ReaQta 3.12 Cross-Site Scripting Vulnerability in Web UI
CVE-2024-45099
4.8 - Medium
- November 14, 2024
IBM Security ReaQta 3.12 is vulnerable to cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
XSS
IBM QRadar EDR 3.12 Sensitive Info Disclosure via Login Response Discrepancy
CVE-2023-33859
5.3 - Medium
- July 10, 2024
IBM Security QRadar EDR 3.12 could disclose sensitive information due to an observable login response discrepancy. IBM X-Force ID: 257697.
Observable Response Discrepancy
IBM Security QRadar EDR 3.12: HTML Injection
CVE-2023-35006
5.4 - Medium
- July 10, 2024
IBM Security QRadar EDR 3.12 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site.
Basic XSS
IBM QRadar EDR 3.12 Secure Attribute Missing on Session Cookies
CVE-2023-33860
5.3 - Medium
- July 10, 2024
IBM Security QRadar EDR 3.12 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic.
Sensitive Cookie in HTTPS Session Without 'Secure' Attribute
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for IBM Security Qradar Edr or by IBM? Click the Watch button to subscribe.
