CVE-2024-51462 MEDIUM

CVE-2024-51462: IBM QRadar WinCollect Agent data manipulation

Vendor Ibm
Product QRadar WinCollect Agent
Weakness CWE-471
Published January 17, 2025
Last update February 12, 2025

CVSS base score

4.0/10
Attack vector Local
Attack complexity Low
Privileges required None
User interaction None
Confidentiality None
Integrity Low

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

What the vulnerability does

01Description

IBM QRadar WinCollect Agent 10.0.0 through 10.1.12 could allow a remote attacker to inject XML data into parameter values due to improper input validation of assumed immutable data.

Key dates

02Disclosure timeline

January 17, 2025 CVE published
February 12, 2025 Record updated