Security Bulletin: IBM QRadar Wincollect agent is vulnerable to server side request forgery (SSRF) (CVE-2022-43880)

Published: 2023-04-04 19:51:20
Source: www.ibm.com
Tags: ibm qradar, wincollect agent, vulnerable, ssrf, upgrade, cve-2022-43880, denial of service, ibm cloud, 10.1.3

CVSS3 score: 4.4

Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: HIGH
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

EPSS: 0
Percentile: 9.0%

Summary

IBM QRadar Wincollect agent is vulnerable to server side request forgery. IBM QRadar WinCollect for IBM QRadar SIEM has addressed the applicable CVE.

Vulnerability Details

**CVEID:** CVE-2022-43880
**DESCRIPTION:** IBM QRadar WinCollect Agent could allow a privileged user to cause a denial of service.
CVSS Base score: 4.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/240151 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)

Affected Products and Versions

| Affected Product(s) | Version(s) |
| --- | --- |
| QRadar WinCollect Agent | 10.0 - 10.1.2 |

Remediation/Fixes

IBM recommends customers upgrade their systems promptly.

There is a new upgrade for the WinCollect standalone agent. The following WinCollect standalone agent versions can be used to upgrade the affected versions to resolve the vulnerability. For information on how to upgrade your WinCollect version, see the WinCollect 10.1.3 release notes: <https://www.ibm.com/support/pages/node/6958514>

Download and install the WinCollect standalone agent version 10.1.3 for your version of QRadar:

| QRadar Version | WinCollect Standalone Agent 10.1.3 Versions |
| --- | --- |
| 7.5 | WinCollect Agent MSI (64-bit) - Standalone only; WinCollect Agent MSI (32-bit) - Standalone only |
| 7.4 | WinCollect Agent MSI (64-bit) - Standalone only; WinCollect Agent MSI (32-bit) - Standalone only |

Workarounds and Mitigations

None

Affected configurations

| Vendor | Product | Version | CPE |
| --- | --- | --- | --- |
| ibm | qradar_network_security | 10 | cpe:2.3:a:ibm:qradar_network_security:10:*:*:*:*:*:*:* |
