CVE-2024-49824

CWE-6023 documents3 sources

Severity

6.5MEDIUM

EPSS

0.1%

top 70.41%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Robotic Process Automation IBM Robotic Process Automation FOR Cloud PAK

Timeline

PublishedJan 18

Description

IBM Robotic Process Automation 21.0.0 through 21.0.7.18 and 23.0.0 through 23.0.18 and IBM Robotic Process Automation for Cloud Pak 21.0.0 through 21.0.7.18 and 23.0.0 through 23.0.18 could allow an authenticated user to perform unauthorized actions as a privileged user due to improper validation of client-side security enforcement.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages3 packages

▶CVEListV5ibm/robotic_process_automation_for_cloud_pak21.0.0 — 21.0.7.18+1

▶NVDibm/robotic_process_automation21.0.0 — 21.0.7.19+1

▶CVEListV5ibm/robotic_process_automation21.0.0 — 21.0.7.18+1

🔴Vulnerability Details

GHSA

GHSA-vcxw-vmr7-hmxx: IBM Robotic Process Automation 21↗2025-01-18

▶

CVEList

IBM Robotic Process Automation security bypass↗2025-01-18

▶