Remote Code Injection Vulnerability in IBM QRadar WinCollect Agent
CVE-2024-51462

4MEDIUM

Key Information:

Vendor: IBM
Status: Qradar Wincollect Agent
Vendor: CVE Published:; 17 January 2025

Summary

The IBM QRadar WinCollect Agent versions 10.0.0 through 10.1.12 are susceptible to a remote code injection vulnerability caused by improper input validation of internal parameters. This could allow an attacker to inject malicious XML data, potentially compromising the integrity of the system and exposing sensitive information. Organizations using affected versions are urged to review their security posture and apply necessary mitigations as outlined by IBM.

Affected Version(s)

QRadar WinCollect Agent 10.0.0 <= 10.1.12

References

https://www.ibm.com/support/pages/node/7176043

vendor-advisory

CVSS V3.1

Score:

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 17, 2025
Vulnerability Reserved
Oct 28, 2024