PT-2023-4945 · IBM · IBM QRadar WinCollect Agent

Alexander Staalgaard · Published 2023-07-25 · Updated 2023-09-13 · CVE-2023-38736

CVSS v3.1: 7.8 High
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

IBM QRadar WinCollect Agent versions 10.0 through 10.1.6

Description

The issue is related to insufficient access control in the IBM QRadar WinCollect Agent, which can be exploited by a remote attacker to elevate their privileges. A normal user could utilize this vulnerability to gain SYSTEM permissions when the agent is installed to run as ADMIN or SYSTEM.

Recommendations

For IBM QRadar WinCollect Agent versions 10.0 through 10.1.6, consider restricting the agent's privileges to prevent a local escalation of privilege attack until a patch is available. As a temporary workaround, avoid running the agent as ADMIN or SYSTEM to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Related Identifiers

BDU:2023-05458
CVE-2023-38736

Affected Products

IBM QRadar WinCollect Agent