Summary IBM Security QRadar EDR Software includes vulnerable components (e.g., framework libraries) that could be identified and exploited with automated tools. These have been addressed in the update. Vulnerability Details CVEID:CVE-2024-51744 DESCRIPTION: golang-jwt jwt-go could allow a remote attacker to obtain sensitive information, caused by improper error handling in ParseWithClaims. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information, and use this information to launch further attacks against the affected system. CWE:CWE-755: Improper Handling of Exceptional Conditions CVSS Source: IBM X-Force CVSS Base score: 3.1 CVSS Vector:(CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N) CVEID:CVE-2024-45338 DESCRIPTION: An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This could cause a denial of service. CWE:CWE-1333: Inefficient Regular Expression Complexity CVSS Source: CISA ADP CVSS Base score: 5.3 CVSS Vector:(CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) CVEID:CVE-2025-25193 DESCRIPTION: Netty, an asynchronous, event-driven network application framework, has a vulnerability in versions up to and including 4.1.118.Final. An unsafe reading of environment file could potentially cause a denial of service in Netty. When loaded on an Windows application, Netty attempts to load a file that does not exist. If…Read More