CVE-2020-4485
IBM QRadar SIEM vulnerability analysis and mitigation

Overview

IBM QRadar WinCollect agent versions 7.2.0 through 7.2.9 contain a vulnerability that allows an authenticated user to disable the WinCollect service. Because the agent is what forwards Windows event logs to QRadar, an attacker who stops it can blind the SIEM to that host and so bypass security monitoring in later stages of an attack. The issue is tracked as CVE-2020-4485, IBM X-Force ID 181860 (IBM Security).

Technical details

The vulnerability carries a CVSS 3.0 base score of 6.5 (medium) with the vector CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H: it is reachable over the network, needs only low attack complexity and low privileges (an authenticated account) with no user interaction, and its sole impact is a high loss of availability of the affected service; confidentiality and integrity are not directly affected. The weakness lies in the access controls around the WinCollect service, which let an authenticated user who should not be able to manage the service bypass the intended restriction and stop it (IBM Security).

Impact

If exploited, this vulnerability allows an authenticated attacker to disable the WinCollect service on the host. The direct impact is on the availability of the service, but the practical consequence is a log collection gap: while the agent is down, events from that host no longer reach QRadar, so detections that depend on them fail and the attacker can continue without being observed. The stop itself is recorded locally by the Windows Service Control Manager (event IDs 7036 and 7040 in the System log), but the agent that would normally forward those events is the one that has just been stopped, so defenders should rely on a second collection path or on QRadar-side monitoring of the agent's heartbeat and event rate to notice the outage (IBM Security).

Mitigation and workarounds

IBM has released an update that addresses this vulnerability. Agents running any version from 7.2.0 through 7.2.9 should be upgraded to WinCollect 7.3.0-41, which is available for both QRadar 7.4.x and 7.3.x deployments. The update can be applied in place without uninstalling and reinstalling the agent. Detailed update instructions are in the WinCollect 7.3.0 Patch 1 release notes (IBM Security).
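The two practitioner tasks this advisory implies are finding agents still on an affected build and spotting hosts whose WinCollect service has been stopped or had its start type changed. The script below does both over constructed sample data; it is an added example, not IBM's code or part of this report. It assumes the agent's Windows service name is "WinCollect" and that the Service Control Manager messages follow the usual "The X service entered the stopped state." (event 7036) and "The start type of the X service was changed from A to B." (event 7040) wording; the host names, version inventory and event records are all made up for the example.

```python
"""Check WinCollect agent versions against the CVE-2020-4485 affected range
and hunt for service stop / start-type-change events for the agent.

Added example, not IBM code.  Assumptions (see lead-in): service name is
"WinCollect"; sample inventory and events below are constructed, not real.
"""
import re
from dataclasses import dataclass

AFFECTED_MIN = (7, 2, 0)
AFFECTED_MAX = (7, 2, 9)          # 7.2.0 through 7.2.9 inclusive
FIXED_VERSION = "7.3.0-41"        # build named in the advisory
SERVICE_NAME = "WinCollect"       # assumed Windows service name of the agent

_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)(?:-(\d+))?")


def parse_version(text):
    """'7.3.0-41' -> (7, 3, 0, 41); '7.2.9' -> (7, 2, 9, 0)."""
    m = _VERSION_RE.fullmatch(text.strip())
    if not m:
        raise ValueError(f"unrecognised WinCollect version: {text!r}")
    major, minor, patch, build = m.groups()
    return (int(major), int(minor), int(patch), int(build or 0))


def is_affected(version):
    """True if the major.minor.patch part lies in the affected range."""
    base = parse_version(version)[:3]
    return AFFECTED_MIN <= base <= AFFECTED_MAX


def agents_needing_upgrade(inventory):
    """inventory: {host: version string} -> sorted list of affected hosts."""
    return sorted(host for host, ver in inventory.items() if is_affected(ver))


@dataclass
class ScmEvent:
    """A Service Control Manager record from the Windows System log."""
    host: str
    event_id: int
    message: str


# Message patterns for SCM 7036 (state change) and 7040 (start type change).
_STOPPED_RE = re.compile(
    rf"The {SERVICE_NAME} service entered the stopped state")
_START_TYPE_RE = re.compile(
    rf"The start type of the {SERVICE_NAME} service was changed from "
    rf"(.+?) to (disabled|demand start|auto start)")


def find_silenced_agents(events):
    """Return {host: [reasons]} for hosts where the agent service was stopped
    or its start type was changed.  Any 7040 change is reported, since the
    agent is expected to stay on automatic start."""
    findings = {}
    for ev in events:
        reason = None
        if ev.event_id == 7036 and _STOPPED_RE.search(ev.message):
            reason = "service stopped (7036)"
        elif ev.event_id == 7040:
            m = _START_TYPE_RE.search(ev.message)
            if m:
                reason = f"start type changed to {m.group(2)} (7040)"
        if reason:
            findings.setdefault(ev.host, []).append(reason)
    return findings


# Constructed sample data for the example (not real telemetry).
SAMPLE_INVENTORY = {
    "WS01": "7.2.9",      # affected, last version in the range
    "WS02": "7.2.3",      # affected
    "WS03": FIXED_VERSION,
    "WS04": FIXED_VERSION,
}

SAMPLE_EVENTS = [
    ScmEvent("WS01", 7036, "The WinCollect service entered the running state."),
    ScmEvent("WS02", 7036, "The WinCollect service entered the stopped state."),
    ScmEvent("WS02", 7040, "The start type of the WinCollect service was "
                           "changed from auto start to disabled."),
    ScmEvent("WS03", 7036, "The Print Spooler service entered the stopped state."),
    ScmEvent("WS04", 7040, "The start type of the WinCollect service was "
                           "changed from auto start to demand start."),
]

if __name__ == "__main__":
    print("agents on an affected build:", agents_needing_upgrade(SAMPLE_INVENTORY))
    for host, reasons in find_silenced_agents(SAMPLE_EVENTS).items():
        print(f"{host}: {'; '.join(reasons)}")
```

Feed `find_silenced_agents` with System-log records that arrive through a path the attacker cannot silence by stopping the agent, for example a second collector or Windows Event Forwarding; if the only source is the WinCollect agent itself, the 7036/7040 records for its own stop will be sitting on the host, not in QRadar, and a QRadar-side "no events from host in N minutes" rule is the check that still works.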
