CVE-2024-49824

MEDIUM

IBM Robotic Process Automation <23.0.18 - Privilege Escalation

Title source: llm

Description

IBM Robotic Process Automation 21.0.0 through 21.0.7.18 and 23.0.0 through 23.0.18, and IBM Robotic Process Automation for Cloud Pak 21.0.0 through 21.0.7.18 and 23.0.0 through 23.0.18, could allow an authenticated user to perform unauthorized actions as a privileged user due to improper validation of client-side security enforcement.

Scores

CVSS v3: 6.5
EPSS: 0.0011
EPSS Percentile: 29.2%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

CISA SSVC

Vulnrichment
Exploitation: none
Automatable: no
Technical Impact: partial

Details

CWE: CWE-602
Status: published
Products (2)
ibm/robotic_process_automation 21.0.0 - 21.0.7.19
ibm/robotic_process_automation_for_cloud_pak 21.0.0 - 21.0.7.19
Published: Jan 18, 2025
Tracked Since: Feb 18, 2026