CVE-2024-45643

5.9 MEDIUM

📋 TL;DR

IBM Security QRadar EDR 3.12 protects stored credential information with weak cryptographic algorithms, so an attacker who obtains the encrypted credential store can recover the plaintext. Organizations running the affected version risk exposure of administrative credentials and other sensitive data held by the product.

💻 Affected Systems

Products:
  • IBM Security QRadar EDR
Versions: 3.12
Operating Systems: Linux-based QRadar appliance
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects QRadar EDR 3.12; other QRadar products are not affected.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attackers gain administrative access to QRadar EDR, potentially compromising the entire security monitoring infrastructure and accessing sensitive security data.

🟠

Likely Case

Attackers decrypt stored credentials to gain unauthorized access to QRadar EDR systems, potentially modifying security policies or accessing sensitive security data.

🟢

If Mitigated

Limited impact if strong network segmentation and access controls prevent attackers from reaching vulnerable systems.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires access to the encrypted credential store (for example through host, backup or database access) plus knowledge of the weak cryptographic implementation; with both, the decryption can be done offline without further interaction with the appliance.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: See the IBM advisory for the fixed build

Vendor Advisory: https://www.ibm.com/support/pages/node/7185938

Restart Required: Yes

Instructions:

1. Review the IBM advisory
2. Download and apply the fix from IBM Fix Central
3. Restart QRadar EDR services
4. Verify that the cryptographic algorithms in use have been updated

🔧 Temporary Workarounds

Network Segmentation

all

Restrict network access to QRadar EDR systems to authorized management networks only

Credential Rotation

all

Rotate all credentials stored in QRadar EDR to limit exposure window

🧯 If You Can't Patch

  • Implement strict network access controls to limit who can reach QRadar EDR systems
  • Monitor for unusual authentication attempts or credential access patterns

🔍 How to Verify

Check if Vulnerable:

Check QRadar EDR version via QRadar console or command line; version 3.12 is vulnerable

Check Version:

Check the installed version in the QRadar EDR administration console, or on the appliance command line, and compare it with the affected and fixed versions listed in the IBM advisory

Verify Fix Applied:

Confirm in the QRadar EDR administration interface that the fixed build from the IBM advisory is installed, then confirm that the credential store no longer relies on the weak algorithms (the advisory is the authority on which algorithms and settings changed)
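The advisory page does not name the weak algorithms, so step 4 of the fix and the "check cryptographic algorithms in use" verification above are easier with a small audit. The following script is an added example, not IBM code and not the page's own check: it scans a constructed, hypothetical properties file (the property names, values and file layout are assumptions; the real locations come from the IBM advisory) and flags algorithms that should not protect stored credentials: DES, 3DES, RC4, RC2, MD5, SHA-1, Blowfish, ECB mode, and undersized keys. It also shows a hardened configuration that passes cleanly.

```python
import re
from dataclasses import dataclass

# Constructed, hypothetical properties file standing in for a credential-store
# configuration. QRadar EDR's real property names and file paths are not given
# on this page; take them from the IBM advisory.
SAMPLE_PROPERTIES = """\
# credential store settings (constructed example)
credential.cipher=DES/ECB/PKCS5Padding
credential.key.bits=56
credential.password.hash=MD5
tls.protocols=TLSv1.2,TLSv1.3
tls.ciphers=TLS_RSA_WITH_3DES_EDE_CBC_SHA,TLS_AES_256_GCM_SHA384
signing.algorithm=SHA1withRSA
signing.key.bits=1024
"""

# The same properties with current choices, for comparison (also constructed).
HARDENED_PROPERTIES = """\
credential.cipher=AES/GCM/NoPadding
credential.key.bits=256
credential.password.hash=PBKDF2WithHmacSHA256
tls.protocols=TLSv1.2,TLSv1.3
tls.ciphers=TLS_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
signing.algorithm=SHA256withRSA
signing.key.bits=3072
"""

# Algorithm identifiers (Java/JCE and TLS suite spelling) that are broken or
# deprecated for protecting credentials.
WEAK_ALGORITHMS = {
    "DES", "DESEDE", "3DES", "RC2", "RC4", "ARCFOUR",
    "MD2", "MD4", "MD5", "SHA1", "SHA-1", "BLOWFISH",
}
# ECB leaks plaintext structure and gives no integrity; treat it as a finding.
WEAK_MODES = {"ECB"}
# Minimum key sizes for the assumed key-size properties.
MIN_KEY_BITS = {"credential.key.bits": 128, "signing.key.bits": 2048}


@dataclass(frozen=True)
class Finding:
    key: str
    value: str
    reason: str


def _tokens(value: str) -> list[str]:
    # Split Java-style "ALG/MODE/PADDING", comma lists, "SHA1withRSA" and TLS
    # suite names like TLS_RSA_WITH_3DES_EDE_CBC_SHA into upper-case tokens.
    return [t for t in re.split(r"[/,\s_]+|WITH", value.upper()) if t]


def audit(properties: str) -> list[Finding]:
    """Return one Finding per weak algorithm, weak mode or undersized key."""
    findings: list[Finding] = []
    for raw in properties.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = (s.strip() for s in line.split("=", 1))
        if key in MIN_KEY_BITS:
            bits = int(value)
            if bits < MIN_KEY_BITS[key]:
                findings.append(Finding(key, value, f"key size {bits} < {MIN_KEY_BITS[key]} bits"))
            continue
        for tok in _tokens(value):
            if tok in WEAK_ALGORITHMS:
                findings.append(Finding(key, value, f"weak algorithm {tok}"))
            elif tok in WEAK_MODES:
                findings.append(Finding(key, value, f"unauthenticated mode {tok}"))
    return findings


if __name__ == "__main__":
    for label, props in (("before", SAMPLE_PROPERTIES), ("after", HARDENED_PROPERTIES)):
        hits = audit(props)
        print(f"{label}: {len(hits)} finding(s)")
        for f in hits:
            print(f"  {f.key}={f.value}: {f.reason}")
```

Run it against the property files the advisory points you to, before and after applying the fix; the "after" run should come back empty. The token list deliberately ignores the `_SHA` suffix of legacy TLS suites (it denotes the HMAC, not the cipher), so add it to `WEAK_ALGORITHMS` if your policy also bans SHA-1 HMACs.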

📡 Detection & Monitoring

Log Indicators:

  • Unusual authentication patterns
  • Multiple failed credential decryption attempts
  • Unauthorized access to credential storage

Network Indicators:

  • Unusual network traffic to QRadar EDR credential storage locations
  • Suspicious outbound connections from QRadar EDR systems

SIEM Query:

source="QRadar_EDR" AND (event_type="authentication_failure" OR event_type="credential_access")
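The query above only lists events; an analyst still has to decide which of them matter. The script below is an added example (not QRadar code, and not a rule shipped with the product) that applies the indicators listed in this section to constructed sample events: a burst of authentication failures from one source, a successful login from a source that just produced such a burst, and credential-store access by an account or network outside an assumed allowlist. The field names (`ts`, `event_type`, `user`, `src_ip`, `object`), the thresholds and the management network are all assumptions to be replaced with your environment's values.

```python
import ipaddress
import json
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample events; the real QRadar EDR log format is not documented
# on this page, so the field names are assumptions.
SAMPLE_LOG = """\
{"ts":"2024-09-10T08:00:01Z","source":"QRadar_EDR","event_type":"authentication_failure","user":"admin","src_ip":"10.0.5.23"}
{"ts":"2024-09-10T08:00:04Z","source":"QRadar_EDR","event_type":"authentication_failure","user":"admin","src_ip":"10.0.5.23"}
{"ts":"2024-09-10T08:00:09Z","source":"QRadar_EDR","event_type":"authentication_failure","user":"admin","src_ip":"10.0.5.23"}
{"ts":"2024-09-10T08:00:11Z","source":"QRadar_EDR","event_type":"authentication_failure","user":"admin","src_ip":"10.0.5.23"}
{"ts":"2024-09-10T08:00:15Z","source":"QRadar_EDR","event_type":"authentication_failure","user":"admin","src_ip":"10.0.5.23"}
{"ts":"2024-09-10T08:00:20Z","source":"QRadar_EDR","event_type":"authentication_success","user":"admin","src_ip":"10.0.5.23"}
{"ts":"2024-09-10T08:01:00Z","source":"QRadar_EDR","event_type":"credential_access","user":"svc_backup","src_ip":"10.0.9.7","object":"credential_store"}
{"ts":"2024-09-10T08:02:00Z","source":"QRadar_EDR","event_type":"credential_access","user":"edr_admin","src_ip":"10.0.1.5","object":"credential_store"}
{"ts":"2024-09-10T09:00:00Z","source":"QRadar_EDR","event_type":"authentication_failure","user":"analyst","src_ip":"10.0.7.1"}
{"ts":"2024-09-10T09:30:00Z","source":"QRadar_EDR","event_type":"authentication_failure","user":"analyst","src_ip":"10.0.7.1"}
"""

# Tunables (assumptions for this example).
FAILURE_THRESHOLD = 5            # failures from one source ...
FAILURE_WINDOW_SECONDS = 60      # ... inside this sliding window
EXPECTED_CREDENTIAL_READERS = {"edr_admin"}
MANAGEMENT_NET = ipaddress.ip_network("10.0.1.0/24")


def _parse_ts(value: str) -> datetime:
    # Accept the trailing "Z" on older Python versions too.
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def detect(log_text: str) -> list[dict]:
    """Run the three rules over newline-delimited JSON events in time order."""
    alerts: list[dict] = []
    failures: dict[str, deque] = defaultdict(deque)   # src_ip -> failure times
    burst_sources: set[str] = set()                   # sources already flagged

    for line in log_text.splitlines():
        if not line.strip():
            continue
        ev = json.loads(line)
        ts = _parse_ts(ev["ts"])
        src = ev.get("src_ip", "")
        kind = ev.get("event_type")

        if kind == "authentication_failure":
            window = failures[src]
            window.append(ts)
            # Drop failures that fell out of the sliding window.
            while (ts - window[0]).total_seconds() > FAILURE_WINDOW_SECONDS:
                window.popleft()
            if len(window) >= FAILURE_THRESHOLD and src not in burst_sources:
                burst_sources.add(src)
                alerts.append({"rule": "auth_failure_burst", "src_ip": src,
                               "user": ev.get("user"), "ts": ev["ts"]})

        elif kind == "authentication_success" and src in burst_sources:
            # A login that follows a burst from the same source is the
            # interesting case: the guessing (or replay) may have worked.
            alerts.append({"rule": "success_after_burst", "src_ip": src,
                           "user": ev.get("user"), "ts": ev["ts"]})

        elif kind == "credential_access":
            in_mgmt = src and ipaddress.ip_address(src) in MANAGEMENT_NET
            if ev.get("user") not in EXPECTED_CREDENTIAL_READERS or not in_mgmt:
                alerts.append({"rule": "unexpected_credential_access", "src_ip": src,
                               "user": ev.get("user"), "ts": ev["ts"]})

    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(alert)
```

In the constructed data the two `analyst` failures are thirty minutes apart and never reach the threshold, so only the `admin` burst, the login that follows it, and the `svc_backup` read of the credential store are raised. Tune the window and threshold to your environment's normal failure rate, and keep the allowlist of expected credential readers short: with this CVE the credential store itself is the target, so any unexplained read of it deserves a ticket.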
