- May 4, 2019
An Elevation of Privilege (EoP) vulnerability exists in IBM QRadar Wincollect 7.2.0 – 7.2.9. The vulnerability described gives a low-privileged user the ability to delete any file from the system and disable the Wincollect service. This arbitrary delete vulnerability can be leveraged to gain access as NT AUTHORITY\SYSTEM. During the exploitation, the attacker disables the Wincollect service.
IBM QRadar Wincollect Escalation of Privilege
Writeup for IBM QRadar Wincollect CVE-2020-4485 and CVE-2020-4486.
labs.redyops.com