← back
CVE-2024-49824

IBM Robotic Process Automation security bypass

CVSS 6.5 MEDIUMEPSS 0.3%CWE-602
Vexday Risk Score
13Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 6.5EPSS 0.3%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
18 Jan 2025Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
IBM Robotic Process Automation 21.0.0 through 21.0.7.18 and 23.0.0 through 23.0.18 and IBM Robotic Process Automation for Cloud Pak 21.0.0 through 21.0.7.18 and 23.0.0 through 23.0.18 could allow an authenticated user to perform unauthorized actions as a privileged user due to improper validation of client-side security enforcement.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Affected products
IBM · Robotic Process AutomationIBM · Robotic Process Automation for Cloud Pak

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://www.ibm.com/support/pages/node/7177587