CVE-2024-56464

2.7 LOW

📋 TL;DR

IBM QRadar SIEM versions 7.5 through 7.5.0 UP14 IF01 have an information disclosure vulnerability that exposes directory information. This could allow attackers to discover internal file structures and potentially identify other vulnerabilities. Organizations running these specific QRadar versions are affected.

💻 Affected Systems

Products:
  • IBM QRadar SIEM
Versions: 7.5 through 7.5.0 UP14 IF01
Operating Systems: Linux (QRadar appliance OS)
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects specific QRadar versions; newer versions and older versions outside this range are not affected.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers could map internal directory structures, identify configuration files, discover sensitive data locations, and use this information for further attacks like privilege escalation or data exfiltration.

🟠 Likely Case

Information leakage revealing directory paths and file structures that could aid reconnaissance for more serious attacks.

🟢 If Mitigated

Limited exposure with minimal impact if proper network segmentation and access controls are in place.

🌐 Internet-Facing: MEDIUM - If QRadar is internet-facing, directory information could be exposed to external attackers for reconnaissance.
🏢 Internal Only: LOW - Internal attackers would already have some access, making directory information less valuable.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: NO
Unauthenticated Exploit: ✅ No
Complexity: LOW

Information disclosure vulnerabilities typically require some level of access; no public exploits have been reported.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Latest update beyond 7.5.0 UP14 IF01

Vendor Advisory: https://www.ibm.com/support/pages/node/7253664

Restart Required: Yes

Instructions:

1. Log into the QRadar console as administrator.
2. Navigate to Admin > Updates.
3. Check for available updates.
4. Apply the latest security update.
5. Restart QRadar services as prompted.

🔧 Temporary Workarounds

Network Segmentation (applies to: all)

Restrict access to QRadar management interfaces to authorized networks only.

Access Control Hardening (applies to: all)

Implement strict firewall rules and authentication requirements for QRadar interfaces.

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate QRadar from untrusted networks
  • Enhance monitoring and logging for unusual access patterns to QRadar interfaces

🔍 How to Verify

Check if Vulnerable:

Check the QRadar version via Admin > System and License Management > About QRadar. If the version is between 7.5 and 7.5.0 UP14 IF01 inclusive, the system is vulnerable.

Check Version:

ssh admin@qradar-host 'cat /opt/qradar/VERSION'

Verify Fix Applied:

Verify version is updated beyond 7.5.0 UP14 IF01 and test that directory information is no longer exposed.
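The range check above is easy to get wrong by hand because QRadar versions carry an update pack (UP) and interim fix (IF) suffix on top of the dotted number. The following is an added example, not code from IBM or from the advisory: it parses version strings in the form shown on this page ("7.5", "7.5.0 UP14 IF01") into a comparable tuple and reports whether each falls in the affected range. The exact format of /opt/qradar/VERSION is not confirmed by the page, so the sample strings below are constructed and the parser is an assumption about that format; adjust the regular expression if your appliance prints something different.

```python
import re

# Affected range from the advisory summary: 7.5 (no UP/IF) through 7.5.0 UP14 IF01, inclusive.
# Tuples are (major, minor, patch, update_pack, interim_fix).
AFFECTED_LOW = (7, 5, 0, 0, 0)
AFFECTED_HIGH = (7, 5, 0, 14, 1)

# Assumed format: "<major>.<minor>[.<patch>] [UP<n>] [IF<n>]" (case-insensitive, optional spaces).
_VERSION_RE = re.compile(
    r"^\s*(\d+)\.(\d+)(?:\.(\d+))?(?:\s*UP\s*(\d+))?(?:\s*IF\s*(\d+))?\s*$",
    re.IGNORECASE,
)


def parse_version(text):
    """Turn a QRadar version string into a 5-tuple so that ordinary tuple
    comparison orders releases correctly (7.5 < 7.5.0 UP14 < 7.5.0 UP14 IF01)."""
    match = _VERSION_RE.match(text)
    if not match:
        raise ValueError(f"unrecognised QRadar version string: {text!r}")
    # Missing components (no patch, no UP, no IF) count as zero.
    return tuple(int(group) if group else 0 for group in match.groups())


def is_affected(text):
    """True if the version lies inside the advisory's affected range."""
    return AFFECTED_LOW <= parse_version(text) <= AFFECTED_HIGH


def triage(version_strings):
    """Map each version string (e.g. one per appliance) to its affected status."""
    return {v.strip(): is_affected(v) for v in version_strings}


if __name__ == "__main__":
    # Constructed sample output from several hypothetical appliances.
    samples = [
        "7.5",
        "7.5.0 UP14",
        "7.5.0 UP14 IF01",
        "7.5.0 UP14 IF02",
        "7.5.0 UP15",
        "7.4.3 UP10",
    ]
    for version, affected in triage(samples).items():
        print(f"{version:20} {'AFFECTED' if affected else 'not affected'}")
```

Feed it the output of the SSH command above, one version string per appliance; any entry reported as AFFECTED still needs the update from the vendor advisory, and any string the parser rejects should be inspected rather than assumed safe.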

📡 Detection & Monitoring

Log Indicators:

  • Unusual directory enumeration attempts in QRadar logs
  • Multiple failed authentication attempts followed by directory queries

Network Indicators:

  • Unusual HTTP requests to QRadar management interfaces
  • Patterns of directory traversal attempts

SIEM Query:

source="QRadar" AND (event_name="Directory Access" OR event_name="Unauthorized Access")
