Medium Severity

IBM Security Bulletin: IBM QRadar WinCollect Agent Does Not Verify TLS Syslog Certificate (CVE-2019-4264)

May 25, 2019 9:01 am EDT

Categorized: Medium Severity

Share this post:

When configured for TLS Syslog the Wincollect agent does not verify the authenticity or accuracy of the server certificate. Even when a certificate is specified within the WinCollect configuration it is ignored, and any certificate presented by the server is blindly accepted while negotiating TLS.

CVE(s): CVE-2019-4264

Affected product(s) and affected version(s):
WinCollect Agent 7.1.2 – WinCollect Agent 7.2.8 Patch 2 (32-bit) WinCollect Agent 7.1.2 – WinCollect Agent 7.2.8 Patch 2 (64-bit)

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: https://www-01.ibm.com/support/docview.wss?uid=ibm10885464
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/160072


Previous Post

IBM Security Bulletin: Security vulnerability affects the Report Builder shipped with Jazz Reporting Service (CVE-2019-4184)

Next Post

IBM Security Bulletin: A vulnerability in Google Guava could affect IBM Cloud App Management V2018
More stories

IBM Security Bulletin: API Connect V2018 is impacted by a Kubernetes vulnerability(CVE-2019-11246)

Aug 19, 2019 12:13 pm EDT | Medium Severity

IBM API Connect has addressed the following vulnerability. CVE(s): CVE-2019-11246 Affected product(s) and affected version(s): Affected IBM API Management Affected Versions IBM API Connect 2018.1-2018.4.1.6 Refer to the following reference URLs for remediation and additional vulnerability details:Source Bulletin: http://www.ibm.com/support/docview.wss?uid=ibm10960606X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/162892 ...read more

IBM Security Bulletin: IBM API Connect’s Developer Portal is impacted by a path traversal vulnerability.

Aug 19, 2019 12:13 pm EDT | Medium Severity

IBM API Connect has addressed the following vulnerability. CVE(s): Not Applicable Affected product(s) and affected version(s): IBM API Connect v5.0.0.0-5.0.8.6 Refer to the following reference URLs for remediation and additional vulnerability details:Source Bulletin: https://www-01.ibm.com/support/docview.wss?uid=ibm10960880X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/163056 ...read more

IBM Security Bulletin: IBM i is affected by networking BIND vulnerability CVE-2019-6471.

Aug 19, 2019 12:12 pm EDT | Medium Severity

ISC BIND is vulnerable to this security vulnerability. IBM i has addressed the vulnerability. CVE(s): CVE-2019-6471 Affected product(s) and affected version(s): Releases 7.4, 7.3, 7.2, and 7.1 of IBM i are affected. Refer to the following reference URLs for remediation and additional vulnerability details:Source Bulletin: https://www-01.ibm.com/support/docview.wss?uid=ibm10967483X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/162756 ...read more