CVE-2024-49824

Summary

IBM Robotic Process Automation 21.0.0 through 21.0.7.18 and 23.0.0 through 23.0.18 and

IBM Robotic Process Automation for Cloud Pak 21.0.0 through 21.0.7.18 and 23.0.0 through 23.0.18

could allow an authenticated user to perform unauthorized actions as a privileged user due to improper validation of client-side security enforcement.

Affected Software

VendorProductVersion RangeStatus
IBMRobotic Process Automation21.0.0 <= 21.0.7.18affected
IBMRobotic Process Automation23.0.0 <= 23.0.18affected
IBMRobotic Process Automation for Cloud Pak21.0.0 <= 21.0.7.18affected
IBMRobotic Process Automation for Cloud Pak23.0.0 <= 23.0.18affected

Weaknesses

  • CWE-602: CWE-602 Client-Side Enforcement of Server-Side Security

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References