vuln disclosure
IBM Security QRadar EDR 3.12 Contains Multiple Vulnerabilities in Bundled ComponentsCVE-2024-21538, CVE-2024-47874, CVE-2024-49767, CVE-2024-49766, CVE-2024-6119, IBM X-Force ID 386108
IBM disclosed multiple vulnerabilities in QRadar EDR 3.12, including ReDoS, resource exhaustion, path traversal, and denial of service in third-party libraries like cross-spawn, Starlette, Werkzeug, OpenSSL, and axios. These flaws could allow remote attackers to cause denial of service or, in one case, potential unauthorized data access on Windows. IBM released version 3.12.14 to address all issues.