CVE-2023-26278: 
IBM WinCollect vulnerability analysis and mitigation

IBM QRadar WinCollect Agent versions 10.0 through 10.1.3 contains a privilege escalation vulnerability identified as CVE-2023-26278. The vulnerability was disclosed on May 31, 2023, and allows local authenticated attackers to gain elevated privileges on affected systems. This security flaw affects the WinCollect Agent component of IBM's QRadar security information and event management (SIEM) solution (IBM Advisory, NVD).

The vulnerability has been assigned a CVSS v3.1 base score of 7.8 (High) by NIST with a vector string of CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. IBM's assessment differs slightly, rating it at 8.2 (High) with a vector string of CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H. The vulnerability requires local access and low privileges to exploit, with potential impacts on confidentiality, integrity, and availability all rated as High (NVD).

If successfully exploited, this vulnerability allows an attacker with local system access and low-level privileges to elevate their privileges on the affected system. This could potentially give the attacker full control over the system, compromising its confidentiality, integrity, and availability (IBM Advisory).

IBM recommends customers upgrade their systems promptly to WinCollect standalone agent version 10.1.4. The upgrade is available for various QRadar versions and can be installed via MSI installers for both 32-bit and 64-bit systems. No workarounds or alternative mitigations are available for this vulnerability (IBM Advisory).