CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
EPSS
Percentile
5.1%
IBM QRadar WinCollect Agent is vulnerable to priviledge escalation. IBM has addressed the relevant vulnerability
CVEID:CVE-2023-26278
**DESCRIPTION:**IBM QRadar WinCollect Agent could allow a local authenticated attacker to gain elevated privileges on the system.
CVSS Base score: 8.2
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/248158 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H)
Affected Product(s) | Version(s) |
---|---|
QRadar WinCollect Agent | 10.0 - 10.1.3 |
IBM recommends customers upgrade their systems promptly.
There is a new upgrade for the WinCollect standalone agent. The following WinCollect standalone agent versions can be used to upgrade the affected versions to resolve the vulnerability. For information on how to upgrade your WinCollect version, see the WinCollect 10.1.4 release notes: <https://www.ibm.com/support/pages/node/6987783>
Download and install the WinCollect standalone agent version 10.1.4 for your version of QRadar:
QRadar Version | WinCollect Standalone Agent 10.1.4 Versions |
---|---|
7.5 |
WinCollect Agent MSI (64-bit) - Standalone only
WinCollect Agent MSI (32-bit) - Standalone only
None
Vendor | Product | Version | CPE |
---|---|---|---|
ibm | qradar_network_security | 10 | cpe:2.3:a:ibm:qradar_network_security:10:*:*:*:*:*:*:* |
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
EPSS
Percentile
5.1%