CVE-2024-45640

5.3 MEDIUM

📋 TL;DR

IBM Security ReaQta 3.12 discloses sensitive information in HTTP responses that could aid attackers in reconnaissance or further exploitation. This affects organizations using IBM Security ReaQta 3.12 for endpoint detection and response. The vulnerability exposes system details that could facilitate targeted attacks.

💻 Affected Systems

Products:
  • IBM Security ReaQta
Versions: 3.12
Operating Systems: All supported platforms
Default Config Vulnerable: ⚠️ Yes
Notes: Affects IBM Security ReaQta 3.12 specifically; other versions may be unaffected.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers obtain critical system information enabling privilege escalation, lateral movement, or complete system compromise through chained attacks.

🟠 Likely Case

Information disclosure provides attackers with reconnaissance data about the ReaQta deployment, making subsequent attacks more targeted and effective.

🟢 If Mitigated

With proper network segmentation and access controls, impact is limited to information disclosure without direct system compromise.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires access to HTTP responses from the ReaQta system, typically through network access or user interaction.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Apply fix as per IBM advisory

Vendor Advisory: https://www.ibm.com/support/pages/node/7180313

Restart Required: Yes

Instructions:

1. Review IBM advisory at provided URL.
2. Apply recommended fix or update.
3. Restart affected services.
4. Verify fix implementation.

🔧 Temporary Workarounds

Network Access Restriction (all platforms)

Restrict network access to IBM Security ReaQta to trusted IPs only

Web Application Firewall Rules (all platforms)

Configure WAF to filter or block sensitive information in HTTP responses

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate ReaQta systems
  • Monitor HTTP traffic for unusual patterns or information disclosure

🔍 How to Verify

Check if Vulnerable:

Test HTTP responses from ReaQta 3.12 for sensitive information disclosure

Check Version:

Check ReaQta version in administration interface or via system commands

Verify Fix Applied:

Verify HTTP responses no longer contain sensitive information after applying fix

📡 Detection & Monitoring

Log Indicators:

  • Unusual HTTP request patterns to ReaQta endpoints
  • Multiple failed authentication attempts followed by information requests

Network Indicators:

  • HTTP traffic to ReaQta containing unusual response patterns
  • External IPs accessing ReaQta interfaces

SIEM Query:

source="reaqta" AND (http_response_size > threshold OR http_response_contains_sensitive_pattern)
