CVE-2024-51462: 
IBM WinCollect vulnerability analysis and mitigation

IBM QRadar WinCollect Agent versions 10.0.0 through 10.1.12 are affected by a vulnerability that could allow XML data injection into parameter values. The vulnerability was disclosed on January 16, 2025, and is tracked as CVE-2024-51462. This security flaw affects the QRadar WinCollect Agent software, which is a component of IBM's security information and event management (SIEM) solution (NVD, IBM Security).

The vulnerability stems from improper input validation of assumed immutable data, identified as CWE-471 (Modification of Assumed-Immutable Data). It has been assigned a CVSS v3.1 base score of 4.0 (Medium) with the vector string CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N. This indicates a local attack vector with low attack complexity, requiring no privileges or user interaction, and potentially impacting system integrity (NVD).

The vulnerability allows attackers to inject XML data into parameter values, which could lead to integrity issues in the affected systems. The CVSS scoring indicates that while there is no impact on confidentiality or availability, there is a low impact on system integrity (IBM Security).

IBM has released version 10.1.13 of the WinCollect standalone agent to address this vulnerability. Organizations are recommended to upgrade their systems promptly. The upgrade is available for both 32-bit and 64-bit versions of the WinCollect Agent MSI for standalone installations. Detailed upgrade instructions can be found in the WinCollect 10.1.13 release notes (IBM Security).