8.8
IBM Security QRadar EDR Authentication Session Hijacking
CVE-2025-36377
Summary
IBM Security QRadar EDR does not invalidate a session after it expires, so an authenticated user could impersonate another user on the system. This can lead to unauthorized access to sensitive data and actions. To protect your system, update to a patched version of IBM Security QRadar EDR.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| ibm | qradar_edr | > 3.12.0, <= 3.12.24 | – |
Original title
IBM Security QRadar EDR 3.12 through 3.12.23 does not invalidate session after a session expiration which could allow an authenticated user to impersonate another user on the system.
Original description
IBM Security QRadar EDR 3.12 through 3.12.23 does not invalidate session after a session expiration which could allow an authenticated user to impersonate another user on the system.
NVD CVSS 3.1
8.8
Vulnerability type
CWE-613
- https://www.ibm.com/support/pages/node/7260390 Vendor Advisory
Published: 17 Feb 2026 · Updated: 11 Mar 2026 · First seen: 6 Mar 2026