CVE-2025-36379— IBM Security QRadar EDR 加密问题漏洞
新しい脆弱性情報の通知を購読するログインして購読
I. CVE-2025-36379の基本情報
脆弱性情報
脆弱性についてご質問がありますか?Shenlongの分析が参考になるかご確認ください!
Shenlongの10の質問を表示 ↗ 高度な大規模言語モデル技術を使用していますが、出力には不正確または古い情報が含まれる可能性があります。Shenlongはデータの正確性を確保するよう努めていますが、実際の状況に基づいて検証・判断してください。
脆弱性タイトル
IBM Security QRadar EDR Software has multiple vulnerabilities
ソース: NVD (National Vulnerability Database)
脆弱性説明
IBM Security QRadar EDR 3.12 through 3.12.23 IBM Security ReaQta uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.
ソース: NVD (National Vulnerability Database)
CVSS情報
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
ソース: NVD (National Vulnerability Database)
脆弱性タイプ
不充分的加密强度
ソース: NVD (National Vulnerability Database)
脆弱性タイトル
IBM Security QRadar EDR 加密问题漏洞
ソース: CNNVD (China National Vulnerability Database)
脆弱性説明
IBM Security QRadar EDR是美国国际商业机器(IBM)公司的一个终端检测与响应软件。 IBM Security QRadar EDR 3.12版本至3.12.23版本存在加密问题漏洞,该漏洞源于使用了弱于预期的加密算法,可能导致攻击者解密高度敏感信息。
ソース: CNNVD (China National Vulnerability Database)
CVSS情報
N/A
ソース: CNNVD (China National Vulnerability Database)
脆弱性タイプ
N/A
ソース: CNNVD (China National Vulnerability Database)
影響を受ける製品
| ベンダー | プロダクト | 影響を受けるバージョン | CPE | 購読 |
|---|---|---|---|---|
| IBM | Security QRadar EDR | 3.12 ~ 3.12.23 | cpe:2.3:a:ibm:security_qradar_edr:3.12:*:*:*:*:*:*:* |
II. CVE-2025-36379の公開POC
| # | POC説明 | ソースリンク | Shenlongリンク |
|---|
AI生成POCプレミアム
公開POCは見つかりませんでした。
ログインしてAI POCを生成III. CVE-2025-36379のインテリジェンス情報
请登录查看更多情报信息。
- Security Bulletin: IBM Security QRadar EDR Software has multiple vulnerabilitiesvendor-advisorypatch
- https://nvd.nist.gov/vuln/detail/CVE-2025-36379
Same Patch Batch · IBM · 2026-02-17 · 33 CVEs total
| CVE-2025-13689 | 8.8 HIGH | DataStage on Cloud Pak for Data is vulnerable to arbitrary code injection due to runtime e |
| CVE-2025-13691 | 8.1 HIGH | DataStage on Cloud Pak for Data is vulnerable to sensitive information leaks due to HTTP p |
| CVE-2025-33088 | 7.4 HIGH | Multiple Vulnerabilities in IBM Concert Software. |
| CVE-2025-36247 | 7.1 HIGH | IBM Db2 XML External Entity Reference |
| CVE-2025-27900 | 6.8 MEDIUM | Multiple vulnerabilities in IBM Java SDK affecting Db2 Recovery Expert for Linux, Unix and |
| CVE-2025-14689 | 6.5 MEDIUM | IBM Db2 Denial of Service |
| CVE-2025-13867 | 6.5 MEDIUM | IBM Db2 Denial of Service |
| CVE-2025-36018 | 6.5 MEDIUM | Multiple Vulnerabilities in IBM Concert Software. |
| CVE-2025-33089 | 6.5 MEDIUM | Multiple Vulnerabilities in IBM Concert Software. |
| CVE-2025-33124 | 6.5 MEDIUM | Fixes to common vulnerabilities found in IBM Db2 Merge Backup for Linux, UNIX and Windows |
| CVE-2025-33130 | 6.5 MEDIUM | Fixes to common vulnerabilities found in IBM Db2 Merge Backup for Linux, UNIX and Windows |
| CVE-2025-27904 | 6.5 MEDIUM | Multiple vulnerabilities in IBM Java SDK affecting Db2 Recovery Expert for Linux, Unix and |
| CVE-2025-27901 | 6.5 MEDIUM | Multiple vulnerabilities in IBM Java SDK affecting Db2 Recovery Expert for Linux, Unix and |
| CVE-2025-27898 | 6.3 MEDIUM | Multiple vulnerabilities in IBM Java SDK affecting Db2 Recovery Expert for Linux, Unix and |
| CVE-2025-36377 | 6.3 MEDIUM | IBM Security QRadar EDR Software has multiple vulnerabilities |
| CVE-2025-36376 | 6.3 MEDIUM | IBM Security QRadar EDR Software has multiple vulnerabilities |
| CVE-2025-36019 | 6.1 MEDIUM | Multiple Vulnerabilities in IBM Concert Software. |
| CVE-2025-33135 | 6.1 MEDIUM | IBM Financial Transaction Manager for ACH Services and Check Services is impacted by multi |
| CVE-2025-27903 | 5.9 MEDIUM | Multiple vulnerabilities in IBM Java SDK affecting Db2 Recovery Expert for Linux, Unix and |
| CVE-2025-33101 | 5.9 MEDIUM | Multiple Vulnerabilities in IBM Concert Software. |
Showing 20 of 33 CVEs. View all on vendor page →
IV. 関連脆弱性
同じ製品: Security QRadar EDR
- CVE-2025-36376
IBM Security QRadar EDR Software has multiple vulnerabilitie - CVE-2025-36377
IBM Security QRadar EDR Software has multiple vulnerabilitie - CVE-2024-45100
IBM Security QRadar EDR denial of service - CVE-2024-45640
IBM Security QRadar EDR information disclosure - CVE-2023-33860
IBM Security ReaQta information disclosure
同じベンダー: IBM
- CVE-2026-1577
IBM® Db2® is vulnerable to a denial of service with a specia - CVE-2025-36122
IBM® Db2® is vulnerable to a denial of service with a specia - CVE-2025-14688
IBM® Db2® is vulnerable to a denial of service when fetching - CVE-2026-2311
IBM i is affected by a privilege escalation vulnerability in - CVE-2025-36180
Inadequate Pod Communication Restrictions, affects watsonx.d
同じ弱点: CWE-326
- CVE-2018-25272
ELBA5 5.8.0 Remote Code Execution via Database Access - CVE-2025-1241
Encryption vulnerable to brute-force decryption in GoAnywher - CVE-2026-5363
Use of weak cryptographic key in TP-Link Archer C7 - CVE-2026-39349
OrangeHRM Uses AES-ECB for Sensitive Data Encryption Enables - CVE-2026-33488
AVideo has a PGP 2FA Bypass via Cryptographically Broken 512
V. CVE-2025-36379へのコメント
まだコメントはありません