CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
EPSS
Percentile
26.9%
The IBM QRadar Wincollect standalone agent is vulnerable to sensitive information disclosure due to missing best practices.
CVEID:CVE-2021-39006
**DESCRIPTION:**IBM QRadar WinCollect Agent could allow an attacker to obtain sensitive information due to missing best practices.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/213549 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
Affected Product(s) | Version(s) |
---|---|
QRadar WinCollect Agent | 10.0 - 10.0.1 |
IBM recommends customers upgrade their systems promptly.
There is a new upgrade for the Wincollect standalone agent. The following Wincollect standalone agent versions can be used to upgrade the affected versions to resolve the vulnerability. For information on how to upgrade your WinCollect version, see the WinCollect 10.0.2 release notes: <https://www.ibm.com/support/pages/node/6523772>
Download and install the Wincollect standalone agent version 10.0.2:
WinCollect Agent MSI (64-bit) - Standalone only: https://www.ibm.com/support/fixcentral/swg/doSelectFixes?options.selectedFixes=7.5.0-QRADAR-AGENT-wincollect-10.0.2-62.x64.msi&continue=1
WinCollect Agent MSI (32-bit) - Standalone only: https://www.ibm.com/support/fixcentral/swg/doSelectFixes?options.selectedFixes=7.5.0-QRADAR-AGENT-wincollect-10.0.2-62.x86.msi&continue=1
None
Vendor | Product | Version | CPE |
---|---|---|---|
ibm | ibm_qradar_siem | 7.5.0 | cpe:2.3:a:ibm:ibm_qradar_siem:7.5.0:*:*:*:*:*:*:* |
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
EPSS
Percentile
26.9%