CVE-2024-31905 — Vulnetix

CVE-2024-31905 PUBLISHED CVSS 5.900000095367432 MEDIUM

IBM QRadar Network Packet Capture 7.5 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 289858.

EPSS 0.01% · 2.6th percentile

Risk Scores

CVSS 3.1

5.900000095367432

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS Score

0.01%

2.6th percentile

Affected Products

Vendor	Product	Versions
IBM	QRadar Network Packet Capture	7.5
ibm	qradar_network_packet_capture	7.5.0, 7.5.0, 7.5.0

Exploit Intelligence

https://www.ibm.com/support/pages/node/7160961 (circl)

Timeline

Aug 15, 2024 CVE Published
Aug 16, 2024 EPSS Score
Sep 6, 2024 EPSS Score
Sep 26, 2024 EPSS Score
Oct 4, 2024 Coalition ESS Score
Oct 17, 2024 EPSS Score
Nov 7, 2024 EPSS Score
Nov 28, 2024 EPSS Score
Dec 19, 2024 EPSS Score
Jan 9, 2025 EPSS Score
Jan 30, 2025 EPSS Score
Feb 20, 2025 EPSS Score

References

https://www.ibm.com/support/pages/node/7160961 vendor-advisory
https://www.ibm.com/support/pages/node/7161462 advisory
https://www.ibm.com/support/pages/node/7160858 advisory
https://nvd.nist.gov/vuln/detail/CVE-2024-31905 advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/289858 url

Open in Interactive Console →