ByteOS Network

NVD Vulnerability Details :

CVE-2019-4264

Analyzed

Source-psirt@us.ibm.com

Published At-29 May, 2019 | 15:29

Updated At-03 Feb, 2023 | 20:11

IBM QRadar SIEM 7.2.8 WinCollect could allow an attacker to obtain sensitive information by spoofing a trusted entity using man in the middle techniques due to not validating or incorrectly validating a certificate. IBM X-Force ID: 160072.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	3.1	5.9	MEDIUM	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Secondary	3.0	5.9	MEDIUM	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Primary	2.0	4.3	MEDIUM	AV:N/AC:M/Au:N/C:P/I:N/A:N

CPE Matches

IBM Corporation

>>qradar_security_information_and_event_manager>>Versions from 7.1.2(inclusive) to 7.2.8(exclusive)

cpe:2.3:a:ibm:qradar_security_information_and_event_manager:*:*:*:*:*:*:*:*

IBM Corporation

>>qradar_security_information_and_event_manager>>7.2.8

cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.8:-:*:*:*:*:*:*

IBM Corporation

>>qradar_security_information_and_event_manager>>7.2.8

cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.8:p1:*:*:*:*:*:*

IBM Corporation

>>qradar_security_information_and_event_manager>>7.2.8

cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.8:p2:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-295	Primary	nvd@nist.gov

References

Hyperlink	Source	Resource
http://www.securityfocus.com/bid/108535	psirt@us.ibm.com	Third Party Advisory VDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/160072	psirt@us.ibm.com	Vendor Advisory VDB Entry
https://www.ibm.com/support/docview.wss?uid=ibm10885464	psirt@us.ibm.com	Patch Vendor Advisory

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History