SB2025090937 - Multiple vulnerabilities in IBM QRadar App SDK

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2025090937

SB2025090937 - Multiple vulnerabilities in IBM QRadar App SDK

Published: September 9, 2025

Security Bulletin ID SB2025090937
Severity
Medium
Patch available
YES
Number of vulnerabilities 5
Exploitation vector Remote access
Highest impact Denial of service

Breakdown by Severity

Medium 60% Low 40%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 5 secuirty vulnerabilities.


1) Type Confusion (CVE-ID: CVE-2024-6119)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a type confusion error when performing certificate name checks. A remote attacker can supply a specially crafted X.509 certificate to the server, trigger a type confusion error and perform a denial of service (DoS) attack.


2) Insufficiently protected credentials (CVE-ID: CVE-2024-47081)

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to the library leaks .netrc credentials to third parties for specific maliciously-crafted URLs. A remote attacker can gain access to sensitive information. 


3) Protection Mechanism Failure (CVE-ID: CVE-2025-50182)

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to incorrect implementation of the Redirect object when handling redirects and retries in a Pyodide runtime. A remote attacker can force the library to follow redirects even if explicitly disabled.


4) Protection Mechanism Failure (CVE-ID: CVE-2025-50181)

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to incorrect implementation of the Redirect object when handling redirects and retries. A remote attacker can force the library to follow redirects even if explicitly disabled with PoolManager.


5) Improper authentication (CVE-ID: CVE-2024-12797)

The vulnerability allows a remote attacker to perform MitM attack.

The vulnerability exists due to an error when using RFC7250 Raw Public Keys (RPKs) to authenticate a server. TLS and DTLS connections using raw public keys are vulnerable to man-in-middle attacks when server authentication failure is not detected by clients.

Note, the vulnerability can be exploited only when TLS clients explicitly enable RPK use by the server, and the server, likewise, enables sending of an RPK instead of an X.509 certificate chain.


Remediation

Install update from vendor's website.

References