When configured for TLS Syslog, the WinCollect agent does not verify the authenticity or accuracy of the server certificate. Even when a certificate is specified within the WinCollect configuration, it is ignored, and any certificate presented by the server is blindly accepted while negotiating TLS.
**CVEID:** CVE-2019-4264
**Description:** IBM QRadar WinCollect could allow an attacker to obtain sensitive information by spoofing a trusted entity using man-in-the-middle techniques due to not validating or incorrectly validating a certificate.
**CVSS Base Score:** 5.9
**CVSS Temporal Score:** See <https://exchange.xforce.ibmcloud.com/vulnerabilities/160072> for the current score
**CVSS Environmental Score:** Undefined
**CVSS Vector:** CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
WinCollect Agent 7.1.2 - WinCollect Agent 7.2.8 Patch 2 (32-bit)
WinCollect Agent 7.1.2 - WinCollect Agent 7.2.8 Patch 2 (64-bit)
WinCollect Agent 7.2.9 (32-bit)
WinCollect Agent 7.2.9 (64-bit)
None
CPE:

| Name | Operator | Version |
|---|---|---|
| ibm security qradar siem | eq | 7.2.8 |
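
The validation gap described in the summary, shown with Python's `ssl` module as an added example (not WinCollect code and not part of the advisory): a client context that accepts any certificate beside one that verifies chain and host name, plus a check that a TLS syslog listener presents the certificate an administrator pinned. The function names, the `cafile` parameter and the SHA-256 pin format are assumptions made for this illustration.

```python
import hashlib
import hmac
import ssl
from typing import List, Optional


def blind_context() -> ssl.SSLContext:
    """Client context with the weakness described: any server certificate is accepted."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False       # has to be switched off before CERT_NONE is allowed
    ctx.verify_mode = ssl.CERT_NONE  # chain, issuer and expiry are never checked
    return ctx


def verifying_context(cafile: Optional[str] = None) -> ssl.SSLContext:
    """Client context that verifies chain and host name.

    cafile (hypothetical path) limits trust to that CA bundle; None uses the system store.
    """
    return ssl.create_default_context(cafile=cafile)


def audit(ctx: ssl.SSLContext) -> List[str]:
    """Return the validation gaps in a client context (an empty list means none found)."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("certificate chain is not verified")
    if not ctx.check_hostname:
        findings.append("host name is not checked")
    return findings


def sha256_fingerprint(der_cert: bytes) -> str:
    """Hex SHA-256 digest of a DER-encoded certificate."""
    return hashlib.sha256(der_cert).hexdigest()


def matches_pin(der_cert: bytes, pinned_hex: str) -> bool:
    """Compare a DER certificate with a configured SHA-256 pin (colons and case ignored)."""
    pin = pinned_hex.replace(":", "").lower()
    return hmac.compare_digest(sha256_fingerprint(der_cert), pin)


def presented_cert_matches(host: str, port: int, pinned_hex: str) -> bool:
    """Fetch the certificate a TLS listener presents and compare it with the pin."""
    pem = ssl.get_server_certificate((host, port))  # fetch only, no validation
    return matches_pin(ssl.PEM_cert_to_DER_cert(pem), pinned_hex)
```

`presented_cert_matches` needs network access to the listener; the other functions run offline.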