CVE-2024-49825

Severity: 4.3 MEDIUM
EPSS: 0.2% (top 64.31%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Apr 14, 2025

Description

IBM Robotic Process Automation and Robotic Process Automation for Cloud Pak 21.0.0 through 21.0.7.20 and 23.0.0 through 23.0.20 do not invalidate the session after logout, which could allow an authenticated user to impersonate another user on the system. In practice this means a session token captured or left behind before logout still authenticates afterwards; the CVEList entry classifies the issue as session fixation.
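To make the defect class concrete, the following is an added illustration in Python; it is not IBM's code and does not model any IBM RPA endpoint. A toy in-memory session store switches between the behaviour the description reports (logout only tells the client to drop its cookie, the server-side record stays valid) and the fix (server-side revocation on logout plus session-ID rotation at login, which also closes the fixation variant). The two check functions are the same tests a practitioner runs against a real deployment with a captured cookie: log in, log out, replay the old token; and plant an ID before login, then see whether it becomes authenticated. The class and function names, the credential check and the sample users are assumptions made for the example.

```python
import secrets


class SessionStore:
    """Minimal server-side session store (added illustration, not IBM RPA code).

    invalidate_on_logout=False reproduces the defect class: logout never
    touches the server-side record, so a token that was captured or left
    behind keeps authenticating as the user who logged out.
    invalidate_on_logout=True is the hardened form: logout deletes the record
    and login rotates the session ID, so an ID known before authentication
    (the session-fixation case) never becomes an authenticated one.
    """

    def __init__(self, invalidate_on_logout: bool):
        self.invalidate_on_logout = invalidate_on_logout
        self._sessions = {}  # session_id -> username (None = anonymous)

    def new_anonymous_session(self) -> str:
        sid = secrets.token_urlsafe(32)
        self._sessions[sid] = None
        return sid

    def login(self, sid: str, username: str, password: str) -> str:
        # Hypothetical credential check: any non-empty password passes in this demo.
        if not password:
            raise PermissionError("bad credentials")
        if self.invalidate_on_logout:
            # Hardened: drop the pre-login ID and issue a fresh one, so a value
            # an attacker planted or observed before login is worthless.
            self._sessions.pop(sid, None)
            sid = secrets.token_urlsafe(32)
        self._sessions[sid] = username
        return sid

    def whoami(self, sid: str):
        """Return the user bound to this session ID, or None if not authenticated."""
        return self._sessions.get(sid)

    def logout(self, sid: str) -> None:
        if self.invalidate_on_logout:
            self._sessions.pop(sid, None)
        # Vulnerable variant: nothing happens server-side; only the browser
        # forgets the cookie, so the token itself remains valid.


def session_survives_logout(store: SessionStore) -> bool:
    """Check 1: after logout, does the old session token still authenticate?"""
    sid = store.new_anonymous_session()
    sid = store.login(sid, "alice", "correct-horse")  # constructed sample user
    assert store.whoami(sid) == "alice"
    store.logout(sid)
    # Replay the captured token; True means the server never revoked it.
    return store.whoami(sid) == "alice"


def fixation_succeeds(store: SessionStore) -> bool:
    """Check 2: does an ID known before login end up authenticated after login?"""
    pre_login_sid = store.new_anonymous_session()  # attacker learns or plants this ID
    store.login(pre_login_sid, "bob", "pw")  # victim logs in using that ID
    return store.whoami(pre_login_sid) == "bob"
```

Against a live system the same two checks are run with an HTTP client: capture the session cookie after login, call the logout endpoint, then replay the old cookie against an authenticated page and confirm it is rejected; and confirm that the cookie value changes across login. Both should come back negative on a fixed build.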

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Exploitability: 2.8 | Impact: 3.4

Affected Packages (3 packages)

CVEListV5: ibm/robotic_process_automation_for_cloud_pak 21.0.0 through 21.0.7.20 (+1 more range)
CVEListV5: ibm/robotic_process_automation 21.0.0 through 21.0.7.20 (+1 more range)
NVD: ibm/robotic_process_automation 21.0.0 through 21.0.7.20 (+1 more range)

Vulnerability Details (2 references)

GHSA: GHSA-9r58-7qgh-qjq2: IBM Robotic Process Automation and Robotic Process Automation for Cloud Pak 21 (2025-04-14)
CVEList: IBM Robotic Process Automation session fixation (2025-04-14)

Source: CVE-2024-49825 (MEDIUM CVSS 4.3) | IBM Robotic Process Automation and | cvebase.io