CVE-2024-45100 in Security QRadar EDRinfo

Summary

by MITRE • 01/07/2025

IBM Security ReaQta 3.12 could allow a privileged user to cause a denial of service by sending multiple administration requests due to improper allocation of resources.

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

Analysis

by VulDB Data Team • 07/16/2025

IBM Security ReaQta version 3.12 contains a vulnerability that allows a privileged user to trigger a denial of service condition through the improper allocation of system resources. This flaw resides in the administration request handling mechanism where the system fails to properly manage resource allocation when processing multiple concurrent administrative operations. The vulnerability stems from inadequate input validation and resource management practices within the administrative interface, creating an opportunity for resource exhaustion attacks. A malicious privileged user could exploit this weakness by flooding the system with multiple administration requests simultaneously, leading to resource depletion that ultimately results in system unavailability. The technical implementation lacks proper rate limiting or resource consumption monitoring for administrative operations, allowing an attacker to consume excessive memory, CPU cycles, or other critical system resources. This vulnerability directly relates to CWE-400 which categorizes improper resource management as a common weakness in software systems. The impact extends beyond simple service disruption as the denial of service can affect critical security monitoring functions that organizations rely on for threat detection and response. From an operational perspective, this vulnerability represents a significant risk to security operations centers that depend on continuous availability of their monitoring tools. The attack vector requires the adversary to already possess privileged access to the system, which aligns with ATT&CK technique T1078 004 for valid accounts and T1499 004 for network denial of service. Organizations using IBM Security ReaQta 3.12 should immediately implement mitigations including enhanced monitoring of administrative access patterns, implementing rate limiting for administrative operations, and deploying additional access controls to limit the scope of privileged accounts. The vulnerability demonstrates a classic resource exhaustion pattern where insufficient resource management leads to system instability and service unavailability. Security teams should also consider implementing behavioral analytics to detect unusual administrative request patterns that may indicate exploitation attempts. System administrators should review and restrict administrative access to only necessary personnel while ensuring comprehensive logging of all administrative activities to support forensic analysis if exploitation occurs. The remediation process should include updating to the patched version of IBM Security ReaQta as soon as possible and conducting thorough security assessments of administrative interfaces to identify similar resource management weaknesses. Organizations should also consider implementing additional security controls such as administrative session monitoring, request queuing mechanisms, and resource usage alerts to prevent future occurrences of this type of vulnerability.

Responsible

Ibm

Reservation

08/21/2024

Disclosure

01/07/2025

Moderation

accepted

CPE

ready

EPSS

0.00533

KEV

no

Activities

very low

Sources

Want to stay up to date on a daily basis?

Enable the mail alert feature now!