CVE-2024-49824 MEDIUM

CVE-2024-49824: IBM Robotic Process Automation security bypass

Vendor Ibm
Product Robotic Process Automation
Weakness CWE-602 · Client-side enforcement
Published January 18, 2025
Last update January 21, 2025

CVSS base score

6.5/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality None
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

What the vulnerability does

01Description

IBM Robotic Process Automation 21.0.0 through 21.0.7.18 and 23.0.0 through 23.0.18 and IBM Robotic Process Automation for Cloud Pak 21.0.0 through 21.0.7.18 and 23.0.0 through 23.0.18 could allow an authenticated user to perform unauthorized actions as a privileged user due to improper validation of client-side security enforcement.

Key dates

02Disclosure timeline

January 18, 2025 CVE published
January 21, 2025 Record updated