← volver
CVE-2024-49824

IBM Robotic Process Automation security bypass

CVSS 6.5 MEDIUMEPSS 0.3%CWE-602
Vexday Risk Score
13Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS 6.5EPSS 0.3%KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
18 ene 2025Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
IBM Robotic Process Automation 21.0.0 through 21.0.7.18 and 23.0.0 through 23.0.18 and IBM Robotic Process Automation for Cloud Pak 21.0.0 through 21.0.7.18 and 23.0.0 through 23.0.18 could allow an authenticated user to perform unauthorized actions as a privileged user due to improper validation of client-side security enforcement.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Productos afectados
IBM · Robotic Process AutomationIBM · Robotic Process Automation for Cloud Pak

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://www.ibm.com/support/pages/node/7177587