CVE-2025-25019

IBM QRadar Suite Software and IBM Cloud Pak for Security session fixation

CVSS 4.8 MEDIUMEPSS 0.2%CWE-613

IBM QRadar Suite Software 1.10.12.0 through 1.11.2.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 does not invalidate session after a logout which could allow a user to impersonate another user on the system.

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

Produtos afetados

IBM · Cloud Pak for Security IBM · QRadar Suite Software

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://www.ibm.com/support/pages/node/7235432