IBME1A031C22320EB8A47F6C5B828E23A9773E39840E1DAC626DB78195B9E791537Security Bulletin: IBM QRadar WinCollect Agent Does Not Verify TLS Syslog Certificate (CVE-2019-4264)
0.001 Low
EPSS
Percentile
32.1%
Summary
When configured for TLS Syslog the Wincollect agent does not verify the authenticity or accuracy of the server certificate. Even when a certificate is specified within the WinCollect configuration it is ignored, and any certificate presented by the server is blindly accepted while negotiating TLS.
Vulnerability Details
CVEID: CVE-2019-4264
**Description:**IBM QRadar WinCollect could allow an attacker to obtain sensitive information by spoofing a trusted entity using man in the middle techniques due to not validating or incorrectly validating a certificate.
**CVSS Base Score:**5.9
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/160072> for the current score
**CVSS Environmental Score:***Undefined
**CVSS Vector:**CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Affected Products and Versions
WinCollect Agent 7.1.2 - WinCollect Agent 7.2.8 Patch 2 (32-bit)
WinCollect Agent 7.1.2 - WinCollect Agent 7.2.8 Patch 2 (64-bit)
Remediation/Fixes
WinCollect Agent 7.2.9 (32-bit)
WinCollect Agent 7.2.9 (64-bit)
Workarounds and Mitigations
None
| CPE | Name | Operator | Version |
|---|---|---|---|
| ibm security qradar siem | eq | 7.2.8 |
Related
0.001 Low
EPSS
Percentile
32.1%