Cyber Resilience

CVE-2024-45643

Medium

Published: 14 March 2025

Modified: 16 July 2025
CVSS Score v3.1: 5.9 (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)
EPSS Score: 0.0005 (15.4th percentile)
Risk Priority: 12 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2024-45643 is a medium-severity Use of a Broken or Risky Cryptographic Algorithm (CWE-327) vulnerability in IBM Security QRadar EDR. Its CVSS base score is 5.9 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Credential Access (T1212). The CVE ranks at the 15.4th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SC-13 (Cryptographic Protection) and SI-2 (Flaw Remediation).

Deeper analysis

IBM Security QRadar 3.12 EDR is affected by CVE-2024-45643, a vulnerability stemming from the use of weaker than expected cryptographic algorithms. This issue, classified under CWE-327 (Broken or Risky Cryptographic Algorithm), enables an attacker to decrypt sensitive credential information stored or transmitted by the product. The vulnerability received a CVSS v3.1 base score of 5.9 (AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N), indicating medium severity with high confidentiality impact but no integrity or availability effects.

A remote attacker can exploit this over the network without privileges or user interaction, though the attack complexity is high. Successful exploitation allows the attacker to decrypt sensitive credential information, potentially exposing authentication data or other secrets used within QRadar 3.12 EDR environments.

IBM has published a security advisory with details on mitigation at https://www.ibm.com/support/pages/node/7185938. Security practitioners should consult this bulletin for patch availability, workaround guidance, and affected version specifics.

Vulnerability details

IBM Security QRadar 3.12 EDR uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt sensitive credential information.

CWE(s)

CWE-327: Use of a Broken or Risky Cryptographic Algorithm

Related Threats

MITRE ATT&CK Enterprise Techniques

T1212 Exploitation for Credential Access (Tactic: Credential Access)
Adversaries may exploit software vulnerabilities in an attempt to collect credentials.
Why these techniques?

The vulnerability allows remote exploitation of weak cryptography to decrypt and obtain sensitive credentials, directly mapping to Exploitation for Credential Access.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2024-43178 · Same product: Linux Linux Kernel
CVE-2025-71116 · Same product: Linux Linux Kernel
CVE-2024-41763 · Same product: Linux Linux Kernel
CVE-2025-13916 · Same product: Linux Linux Kernel
CVE-2022-49251 · Same product: Linux Linux Kernel
CVE-2025-21743 · Same product: Linux Linux Kernel
CVE-2026-43028 · Same product: Linux Linux Kernel
CVE-2026-31774 · Same product: Linux Linux Kernel
CVE-2026-23325 · Same product: Linux Linux Kernel
CVE-2026-31699 · Same product: Linux Linux Kernel

Affected Assets

Vendor: ibm
Product: security qradar edr
Versions: 3.12 to 3.12.16

Mitigating Controls

Mitigating Controls (NIST 800-53 r5)

Prevent: SC-13 mandates FIPS-validated cryptography and prohibits outdated or insecure algorithms, directly preventing the use of weak cryptographic algorithms that enable decryption of sensitive credentials.

Prevent: SI-2 requires timely identification, reporting, and correction of security flaws like the weak cryptographic algorithms in QRadar EDR, mitigating the vulnerability through patching or upgrades.

Prevent: SC-28 enforces cryptographic protection of information at rest using FIPS-validated modules, addressing decryption risks for stored sensitive credential information.
