CVE-2024-45643 identifies a cryptographic vulnerability in IBM Security QRadar EDR version 3.12, where the product employs weaker-than-expected cryptographic algorithms to protect sensitive credential information. The weakness falls under CWE-327, which concerns the use of broken or risky cryptographic algorithms that can be feasibly broken or circumvented by attackers. This vulnerability allows an unauthenticated remote attacker to decrypt sensitive credentials transmitted or stored by the system, potentially exposing authentication secrets. The CVSS v3.1 score of 5.9 reflects a medium severity, with an attack vector of network (AV:N), high attack complexity (AC:H), no privileges required (PR:N), and no user interaction (UI:N). The impact is limited to confidentiality (C:H), with no impact on integrity or availability. The vulnerability does not require prior authentication or user interaction, increasing its risk profile. However, the high attack complexity suggests exploitation requires specialized conditions or knowledge. IBM QRadar EDR is widely used for security information and event management (SIEM) and endpoint detection and response (EDR), making the confidentiality of credentials critical for maintaining system security and trust. No patches have been released at the time of publication, and no known exploits are in the wild. The vulnerability was reserved in September 2024 and published in March 2025, indicating a recent discovery and disclosure. Organizations using QRadar EDR 3.12 should assess their exposure and prepare for remediation once patches become available.

The primary impact of CVE-2024-45643 is the potential exposure of sensitive credential information due to weak cryptographic protections. This can lead to unauthorized access if attackers decrypt credentials and use them to impersonate legitimate users or systems. Although the vulnerability does not affect system integrity or availability directly, compromised credentials can facilitate lateral movement, privilege escalation, or data exfiltration in a broader attack scenario. The medium severity score reflects that exploitation is non-trivial but feasible, and the confidentiality breach could undermine trust in security monitoring infrastructure. Organizations relying on IBM QRadar EDR for security event correlation and endpoint detection may face increased risk of compromise if attackers leverage decrypted credentials to bypass controls or disable defenses. The lack of known exploits reduces immediate risk but does not eliminate the threat, especially as attackers may develop exploits over time. The vulnerability could have significant consequences in sectors with high security requirements such as government, finance, healthcare, and critical infrastructure, where QRadar EDR deployments are common.

1. Monitor IBM security advisories closely and apply patches or updates as soon as they are released to address this vulnerability. 2. In the absence of patches, disable or restrict the use of the identified weak cryptographic algorithms within QRadar EDR configurations if possible, replacing them with stronger, industry-standard algorithms like AES-256 or SHA-2 family. 3. Implement network segmentation and strict access controls to limit exposure of QRadar EDR management interfaces and communication channels to trusted networks only. 4. Use multi-factor authentication and strong credential management policies to reduce the impact of potential credential compromise. 5. Regularly audit and rotate credentials used by QRadar EDR components to minimize the window of opportunity for attackers. 6. Employ network monitoring and anomaly detection to identify unusual access patterns or attempts to exploit cryptographic weaknesses. 7. Engage with IBM support to obtain guidance on interim mitigations and configuration best practices. 8. Consider deploying additional encryption layers at the network or application level to protect sensitive data in transit and at rest beyond the vulnerable cryptographic mechanisms.