IBM QRadar Security Information and Event Manager WinCollect Agent 7.2.8 Information Disclosure Vulnerability

Summary

IBM QRadar SIEM 7.2.8 WinCollect could allow an attacker to obtain sensitive information by spoofing a trusted entity using man in the middle techniques due to not validating or incorrectly validating a certificate. 

Credit:

The information has been provided by IBM
The original article can be found at: https://www-01.ibm.com/support/docview.wss?uid=ibm10885464


Details

IBM QRadar Security Information and Event Manager WinCollect Agent is prone to a gain information vulnerability.This allows local or remote attackers to gain privileges via a malicious program in the affected application

Vulnerable Systems:

  • IBM QRadar Security Information and Event Manager WinCollect Agent 7.2.8
  • IBM QRadar Security Information and Event Manager WinCollect Agent 7.2.5
  • IBM QRadar Security Information and Event Manager WinCollect Agent 7.2.2
  • IBM QRadar Security Information and Event Manager WinCollect Agent 7.1.2

CVE Information:

CVE-2019-4264

Disclosure Timeline:
Publish Date:05/29/2019