VYPR

QRadar WinCollect Agent

by IBM

CVEs (11)

  • CVE-2023-26278HigMay 31, 2023
    risk 0.53cvss 8.2epss 0.00

    IBM QRadar WinCollect Agent 10.0 through 10.1.3 could allow a local authenticated attacker to gain elevated privileges on the system. IBM X-Force ID: 248158.

  • CVE-2020-4486HigAug 11, 2020
    risk 0.53cvss 8.1epss 0.02

    IBM QRadar 7.2.0 thorugh 7.2.9 could allow an authenticated user to overwrite or delete arbitrary files due to a flaw after WinCollect installation. IBM X-Force ID: 181861.

  • CVE-2023-26277HigMay 31, 2023
    risk 0.51cvss 7.8epss 0.00

    IBM QRadar WinCollect Agent 10.0 though 10.1.3 could allow a local user to execute commands on the system due to execution with unnecessary privileges. IBM X-Force ID: 248156.

  • CVE-2023-38736HigSep 8, 2023
    risk 0.49cvss 7.5epss 0.00

    IBM QRadar WinCollect Agent 10.0 through 10.1.6, when installed to run as ADMIN or SYSTEM, is vulnerable to a local escalation of privilege attack that a normal user could utilize to gain SYSTEM permissions. IBM X-Force ID: 262542.

  • CVE-2020-4485MedAug 11, 2020
    risk 0.42cvss 6.5epss 0.01

    IBM QRadar 7.2.0 through 7.2.9 could allow an authenticated user to disable the Wincollect service which could aid an attacker in bypassing security mechanisms in future attacks. IBM X-Force ID: 181860.

  • CVE-2021-39006MedJun 21, 2022
    risk 0.35cvss 5.3epss 0.01

    IBM QRadar WinCollect Agent 10.0 and 10.0.1 could allow an attacker to obtain sensitive information due to missing best practices. IBM X-Force ID: 213549.

  • CVE-2022-43880MedMar 3, 2024
    risk 0.29cvss 4.4epss 0.00

    IBM QRadar WinCollect Agent 10.0 through 10.1.2 could allow a privileged user to cause a denial of service. IBM X-Force ID: 240151.

  • CVE-2024-51461MedApr 11, 2025
    risk 0.28cvss 4.3epss 0.00

    IBM QRadar WinCollect Agent 10.0 through 10.1.13 could allow a remote attacker to cause a denial of service by interrupting an HTTP request that could consume memory resources.

  • CVE-2024-51462MedJan 17, 2025
    risk 0.26cvss 4.0epss 0.00

    IBM QRadar WinCollect Agent 10.0.0 through 10.1.12 could allow a remote attacker to inject XML data into parameter values due to improper input validation of assumed immutable data.

  • CVE-2023-26279LowNov 24, 2023
    risk 0.21cvss 3.3epss 0.00

    IBM QRadar WinCollect Agent 10.0 through 10.1.7 could allow a local user to perform unauthorized actions due to improper encoding. IBM X-Force ID: 248160.

  • CVE-2021-39008LowNov 23, 2023
    risk 0.18cvss 2.7epss 0.01

    IBM QRadar WinCollect Agent 10.0 through 10.1.7 could allow a privileged user to obtain sensitive information due to missing best practices. IBM X-Force ID: 213551.