Security Bulletin: IBM QRadar Wincollect is vulnerable to using components with known vulnerabilities

Summary

IBM QRadar Wincollect is vulnerable to using components with known vulnerabilities. IBM has addressed the relevant vulnerabilities in an update.

Vulnerability Details

CVEID:CVE-2024-6874
**DESCRIPTION:**cURL libcurl could allow a remote attacker to obtain sensitive information, caused by a macidn punycode buffer overread flaw in the URL API function curl_url_get(). By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information, and use this information to launch further attacks against the affected system.
CVSS Base score: 3.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/298495 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)

CVEID:CVE-2024-6197
**DESCRIPTION:**cURL libcurl is vulnerable to a denial of service, caused by a memory allocation flaw in the utf8asn1str() function in the ASN1 parser. By using a specially crafted TLS certificate, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/298494 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)

CVEID:CVE-2024-5535
**DESCRIPTION:**OpenSSL is vulnerable to a denial of service, caused by a buffer over-read flaw in the SSL_select_next_proto API function when calling with an empty supported client protocols buffer. By sending a specially crafted request, a remote attacker could exploit this vulnerability to cause a crash or memory contents to be sent to the peer.
CVSS Base score: 3.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/296011 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID:CVE-2024-7264
**DESCRIPTION:**cURL libcurl is vulnerable to a denial of service, caused by a ASN.1 date parser overread. By sending a specially crafted string, a remote attacker could exploit this vulnerability to cause the application to crash.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/350227 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID:CVE-2024-6119
**DESCRIPTION:**OpenSSL is vulnerable to a denial of service, caused by an error when performing certificate name checks (e.g., TLS clients checking server certificates). By sending a specially crafted request, a remote attacker could exploit this vulnerability to read an invalid memory address resulting in abnormal termination of the application process.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/352483 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

Affected Products and Versions

Remediation/Fixes

IBM recommends customers upgrade their systems promptly.

There is a new upgrade for the WinCollect standalone agent. The following WinCollect standalone agent versions can be used to upgrade the affected versions to resolve the vulnerability by applying the mitigation steps below. For information on how to upgrade your WinCollect version, see the WinCollect 10.1.12 release notes:

<https://www.ibm.com/support/pages/node/7166862&gt;

WinCollect Agent MSI (64-bit) - Standalone only

WinCollect Agent MSI (32-bit) - Standalone only

Workarounds and Mitigations

None