Risk
High
Patch available
YES
Number of vulnerabilities
6
CVE-ID
CVE-2023-27533CVE-2023-27535CVE-2023-27537CVE-2023-27538CVE-2023-27536CVE-2023-27534
CWE-ID
CWE-20CWE-371CWE-415CWE-200
Exploitation vector
Network
Public exploit
N/A
Vulnerable softwareSubscribe
IBM QRadar WinCollect AgentServer applications / Other server solutions
Vendor
IBM Corporation
Security Bulletin
This security bulletin contains information about 6 vulnerabilities.
EUVDB-ID: #VU73826
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2023-27533
CWE-ID: CWE-20 - Improper input validation
Exploit availability: No
Description
The vulnerability allows a remote attacker to manipulate requests.
The vulnerability exists due to missing documentation of the TELNET protocol support and the ability to pass on user name and "telnet options" for the server negotiation. A remote attacker can manipulate the connection sending unexpected data to the server via the affected client.
Mitigation
Install update from vendor's website.
Vulnerable software versions
IBM QRadar WinCollect Agent: 10.0 - 10.1.3
CPE2.3
External links
http://www.ibm.com/support/pages/node/7002501
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
EUVDB-ID: #VU73828
Risk: Low
CVSSv3.1:
..
Support the originator by clicking the read the rest link below.
