IBM QRadar WinCollect Agent privilege escalation
CVE-2023-38736

7.5HIGH

Key Information:

Vendor: IBM
Status: Qradar Wincollect Agent
Vendor: CVE Published:; 8 September 2023

Summary

The IBM QRadar WinCollect Agent, when executed with ADMIN or SYSTEM privileges, exposes a vulnerability that allows a normal user to escalate their privileges to gain SYSTEM-level access. This poses a significant security risk as it can enable unauthorized actions within the system. It is crucial for users and administrators to address this vulnerability to maintain the integrity and security of their IT environment.

Affected Version(s)

QRadar WinCollect Agent 10.0 <= 10.1.6

References

https://www.ibm.com/support/pages/node/7030703

vendor-advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/262542

vdb-entry

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Sep 8, 2023
Vulnerability Reserved
Jul 25, 2023