Medium Severity
IBM Security Bulletin: IBM QRadar WinCollect Agent Does Not Verify TLS Syslog Certificate (CVE-2019-4264)
May 25, 2019 9:01 am EDT
Categorized: Medium Severity
Share this post:
When configured for TLS Syslog the Wincollect agent does not verify the authenticity or accuracy of the server certificate. Even when a certificate is specified within the WinCollect configuration it is ignored, and any certificate presented by the server is blindly accepted while negotiating TLS.
CVE(s): CVE-2019-4264
Affected product(s) and affected version(s):
WinCollect Agent 7.1.2 – WinCollect Agent 7.2.8 Patch 2 (32-bit) WinCollect Agent 7.1.2 – WinCollect Agent 7.2.8 Patch 2 (64-bit)
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: https://www-01.ibm.com/support/docview.wss?uid=ibm10885464
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/160072
Security Bulletin: IBM Resilient SOAR is Using Components with Known Vulnerabilities – Java SE (CVE-2020-14779, CVE-2020-14792, CVE-2020-14796, CVE-2020-14797, CVE-2020-14798)
Feb 25, 2021 7:00 pm EST | Medium Severity
IBM Resilient SOAR is Using Components with Known Vulnerabilities - Java SE (CVE-2020-14779, CVE-2020-14792, CVE-2020-14796, CVE-2020-14797, CVE-2020-14798) ...read more
Security Bulletin: A Security Vulnerability affects IBM Cloud Private – OpenSSL (CVE-2019-1551)
Feb 25, 2021 7:00 pm EST | Medium Severity
A Security Vulnerability affects IBM Cloud Private ...read more
Security Bulletin: IBM SDK, Java Technology Edition Quarterly CPU – Oct 2020
Feb 25, 2021 7:00 pm EST | Medium Severity
There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 7 SR10-FP70 and Version 8 SR6-FP15 used by IBM Tivoli Application Dependency Discovery Manager (TADDM). These issues were disclosed as part of the IBM Java SDK updates in Oct2020. ...read more