← voltar
CVE-2024-49824

IBM Robotic Process Automation security bypass

CVSS 6.5 MEDIUMEPSS 0.3%CWE-602
Vexday Risk Score
13Baixo
Decisão SSVC (CISA)
Track
Sem sinal de exploração → monitorar
CVSS 6.5EPSS 0.3%KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
18 jan 2025Publicada no NVD
Recomendação: Monitorar — sem sinal de exploração no momento.
IBM Robotic Process Automation 21.0.0 through 21.0.7.18 and 23.0.0 through 23.0.18 and IBM Robotic Process Automation for Cloud Pak 21.0.0 through 21.0.7.18 and 23.0.0 through 23.0.18 could allow an authenticated user to perform unauthorized actions as a privileged user due to improper validation of client-side security enforcement.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Produtos afetados
IBM · Robotic Process AutomationIBM · Robotic Process Automation for Cloud Pak

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://www.ibm.com/support/pages/node/7177587