
CVE-2025-25020 – IBM QRadar Suite Software and IBM Cloud Pak for Security improper input validation
https://notcve.org/view.php?id=CVE-2025-25020
03 Jun 2025 — IBM QRadar Suite Software 1.10.12.0 through 1.11.2.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 could allow an authenticated user to cause a denial of service due to improperly validating API data input. • https://www.ibm.com/support/pages/node/7235432 • CWE-1287: Improper Validation of Specified Type of Input

CVE-2025-1334 – IBM QRadar Suite Software and IBM Cloud Pak for Security information disclosure
https://notcve.org/view.php?id=CVE-2025-1334
03 Jun 2025 — IBM QRadar Suite Software 1.10.12.0 through 1.11.2.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 allow web pages to be stored locally which can be read by another user on the system. • https://www.ibm.com/support/pages/node/7235432 • CWE-525: Use of Web Browser Cache Containing Sensitive Information

CVE-2025-25021 – IBM QRadar Suite Software and IBM Cloud Pak for Security code injection
https://notcve.org/view.php?id=CVE-2025-25021
03 Jun 2025 — IBM QRadar Suite Software 1.10.12.0 through 1.11.2.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 could allow a privileged user to execute code in case management script creation due to the improper generation of code. • https://www.ibm.com/support/pages/node/7235432 • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVE-2025-25022 – IBM QRadar Suite Software and IBM Cloud Pak for Security information disclosure
https://notcve.org/view.php?id=CVE-2025-25022
03 Jun 2025 — IBM QRadar Suite Software 1.10.12.0 through 1.11.2.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 could allow an unauthenticated user in the environment to obtain highly sensitive information in configuration files. • https://www.ibm.com/support/pages/node/7235432 • CWE-260: Password in Configuration File

CVE-2025-25019 – IBM QRadar Suite Software and IBM Cloud Pak for Security session fixation
https://notcve.org/view.php?id=CVE-2025-25019
03 Jun 2025 — IBM QRadar Suite Software 1.10.12.0 through 1.11.2.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 do not invalidate the session after a logout, which could allow a user to impersonate another user on the system. • https://www.ibm.com/support/pages/node/7235432 • CWE-613: Insufficient Session Expiration

CVE-2023-47728 – IBM QRadar Suite Software information disclosure
https://notcve.org/view.php?id=CVE-2023-47728
16 Aug 2024 — IBM QRadar Suite Software 1.10.12.0 through 1.10.22.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the request. This information could be used in further attacks against the system. IBM X-Force ID: 272201. • https://www.ibm.com/support/pages/node/7161427 • CWE-209: Generation of Error Message Containing Sensitive Information

CVE-2024-25024 – IBM QRadar Suite Software information disclosure
https://notcve.org/view.php?id=CVE-2024-25024
15 Aug 2024 — IBM QRadar Suite Software 1.10.12.0 through 1.10.23.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 store user credentials in clear text which can be read by a local user. IBM X-Force ID: 281430. • https://exchange.xforce.ibmcloud.com/vulnerabilities/281430 • CWE-256: Plaintext Storage of a Password

CVE-2024-28799 – IBM QRadar Suite Software information disclosure
https://notcve.org/view.php?id=CVE-2024-28799
14 Aug 2024 — IBM QRadar Suite Software 1.10.12.0 through 1.10.23.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 displays sensitive data improperly during back-end commands which may result in the unexpected disclosure of this information. IBM X-Force ID: 287173. IBM QRadar Suite Software 1.10.12.0 through 1.10.23.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 displays sensitive data improperly to a local privileged user, in non-default configurations, during back-end commands which may result i... • https://exchange.xforce.ibmcloud.com/vulnerabilities/287173 • CWE-214: Invocation of Process Using Visible Sensitive Information

CVE-2022-38382 – IBM Cloud Pak for Security session fixation
https://notcve.org/view.php?id=CVE-2022-38382
13 Aug 2024 — IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.11.0 and IBM QRadar Suite Software 1.10.12.0 through 1.10.23.0 does not invalidate session after logout which could allow another authenticated user to obtain sensitive information. IBM X-Force ID: 233672. • https://exchange.xforce.ibmcloud.com/vulnerabilities/233672 • CWE-613: Insufficient Session Expiration

CVE-2024-25023 – IBM QRadar Suite Software information disclosure
https://notcve.org/view.php?id=CVE-2024-25023
09 Jul 2024 — IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 and IBM QRadar Suite Software 1.10.12.0 through 1.10.22.0 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 281429. • https://exchange.xforce.ibmcloud.com/vulnerabilities/281429 • CWE-312: Cleartext Storage of Sensitive Information