SB2025031716 - Multiple vulnerabilities in IBM Security QRadar EDR

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2025031716

SB2025031716 - Multiple vulnerabilities in IBM Security QRadar EDR

Published: March 17, 2025

Security Bulletin ID SB2025031716
Severity
Medium
Patch available
YES
Number of vulnerabilities 6
Exploitation vector Remote access
Highest impact Denial of service

Breakdown by Severity

Medium 50% Low 50%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 6 secuirty vulnerabilities.


1) Insufficient technical documentation (CVE-ID: CVE-2024-51744)

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due due to unclear documentation of the error behavior in "ParseWithClaims". A remote attacker can trick the victim into accepting invalid tokens, which can lead to information disclosure.


2) Resource exhaustion (CVE-ID: CVE-2024-45338)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to application does not properly control consumption of internal resources in several Parse functions. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.


3) Resource exhaustion (CVE-ID: CVE-2025-25193)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to application attempts to load a file that does not exist. A local user can create a large file on the system and crash the application.

Note, the vulnerability affects Windows installations only.


4) Use of insufficiently random values (CVE-ID: CVE-2025-22150)

The vulnerability allows a remote attacker to perform MitM attack.

The vulnerability exists due to the application uses "Math.random()" from the fetch() function to choose the boundary for a "multipart/form-data" request. A remote attacker with ability to intercept traffic can tamper with the requests going to the backend APIs.


5) Input validation error (CVE-ID: CVE-2025-24970)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input in SslHandler when using native SSLEngine. A remote attacker can send a specially crafted packet to the application and perform a denial of service (DoS) attack.


6) Inefficient regular expression complexity (CVE-ID: CVE-2024-52798)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient input validation when processing untrusted input with a regular expressions. A remote attacker can pass specially crafted data to the application and perform regular expression denial of service (ReDos) attack.

Remediation

Install update from vendor's website.

References