CVE-2023-26279: IBM QRadar WinCollect Agent improper output encoding
Published Nov 22, 2023
·Updated
IBM QRadar WinCollect Agent 10.0 through 10.1.7 could allow a local user to perform unauthorized actions due to improper encoding. IBM X-Force ID: 248160.
Affected Software
2 affected components
IBM QRadar WinCollect Agent<=10.0-10.1.7
IBM QRadar Wincollect>=10.0<=10.1.7
Remediation
Patch Available
Event History
Nov 22, 2023
CVE Published
via IBM·12:00 AM
Data Sourced
via IBM·12:00 AM
DescriptionSeverityAffected Software
Nov 23, 2023
CVE Published
via MITRE·11:39 PM
Data Sourced
via MITRE·11:39 PM
DescriptionSeverityWeakness
Frequently Asked Questions
1
What is CVE-2023-26279?
CVE-2023-26279 is a vulnerability in IBM QRadar WinCollect Agent 10.0 through 10.1.7 that could allow a local user to perform unauthorized actions due to improper encoding.
2
What is the severity of CVE-2023-26279?
The severity of CVE-2023-26279 is low with a CVSS score of 3.3.
3
How can a local user exploit CVE-2023-26279?
A local user can exploit CVE-2023-26279 by performing unauthorized actions due to improper encoding.
4
Is there a fix for CVE-2023-26279?
Yes, IBM has provided a fix for CVE-2023-26279. Please refer to the IBM support page for more information.
5
What is the Common Weakness Enumeration (CWE) ID for CVE-2023-26279?
The CWE ID for CVE-2023-26279 is 116.