CVE-2025-36376 (GCVE-0-2025-36376)
Vulnerability from cvelistv5
Published: 2026-02-17 20:37
Modified: 2026-02-18 14:47
CWE
  • CWE-613 - Insufficient Session Expiration
Summary
IBM Security QRadar EDR 3.12 through 3.12.23 does not invalidate a session after session expiration, which could allow an authenticated user to impersonate another user on the system.
References
Impacted products
Vendor: IBM
Product: Security QRadar EDR
Version: 3.12 through 3.12.23
CPE:
    cpe:2.3:a:ibm:security_qradar_edr:3.12:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:security_qradar_edr:3.12.23:*:*:*:*:*:*:*


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-36376",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-02-18T14:46:53.593597Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-02-18T14:47:00.593Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:ibm:security_qradar_edr:3.12:*:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:security_qradar_edr:3.12.23:*:*:*:*:*:*:*"
          ],
          "product": "Security QRadar EDR",
          "vendor": "IBM",
          "versions": [
            {
              "lessThanOrEqual": "3.12.23",
              "status": "affected",
              "version": "3.12",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eIBM Security QRadar EDR 3.12 through 3.12.23 does not invalidate session after a session expiration which could allow an authenticated user to impersonate another user on the system.\u003c/p\u003e"
            }
          ],
          "value": "IBM Security QRadar EDR 3.12 through 3.12.23 does not invalidate session after a session expiration which could allow an authenticated user to impersonate another user on the system."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-613",
              "description": "CWE-613 Insufficient Session Expiration",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-02-17T20:41:36.549Z",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory",
            "patch"
          ],
          "url": "https://www.ibm.com/support/pages/node/7260390"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eIBM encourages customers to update their systems promptly.\u003c/p\u003e\u003cdiv\u003e\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003eProduct\u003c/td\u003e\u003ctd\u003eFix version\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eIBM Security QRadar EDR\u003c/td\u003e\u003ctd\u003e3.12.24\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003c/div\u003e\u003cp\u003e\u0026nbsp;\u003c/p\u003e\u003cp\u003eThe IBM Security QRadar EDR operator can be upgraded automatically when new compatible versions are available. However, you can control whether an operator is upgraded automatically by setting an approval strategy.\u003c/p\u003e\u003cdiv\u003e\u003cp\u003eTwo approval strategies are available:\u003c/p\u003e\u003cul\u003e\u003cli\u003eAutomatic (default) - New operator versions are installed automatically when they are available on the subscription channel.\u003c/li\u003e\u003cli\u003eManual - When a new operator version is available on the subscription channel, the subscription indicates that an update is available, but you must approve the update manually.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eFor more information about the manual installation process, view \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/docs/en/security-qradar-edr/3.12?topic=overview-whats-new-changed\"\u003eInstalling QRadar EDR\u003c/a\u003e\u003c/p\u003e\u003c/div\u003e\u003cbr\u003e"
            }
          ],
          "value": "IBM encourages customers to update their systems promptly.\n\nProductFix versionIBM Security QRadar EDR3.12.24\n\n\u00a0\n\nThe IBM Security QRadar EDR operator can be upgraded automatically when new compatible versions are available. However, you can control whether an operator is upgraded automatically by setting an approval strategy.\n\nTwo approval strategies are available:\n\n  *  Automatic (default) - New operator versions are installed automatically when they are available on the subscription channel.\n  *  Manual - When a new operator version is available on the subscription channel, the subscription indicates that an update is available, but you must approve the update manually.\n\n\nFor more information about the manual installation process, view  Installing QRadar EDR https://www.ibm.com/docs/en/security-qradar-edr/3.12"
        }
      ],
      "title": "IBM Security QRadar EDR Software has multiple vulnerabilities",
      "x_generator": {
        "engine": "ibm-cvegen"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2025-36376",
    "datePublished": "2026-02-17T20:37:28.659Z",
    "dateReserved": "2025-04-15T21:16:56.325Z",
    "dateUpdated": "2026-02-18T14:47:00.593Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

