CVE-2024-49824

IBM Robotic Process Automation 21.0.0 through 21.0.7.18 and 23.0.0 through 23.0.18 and IBM Robotic Process Automation for Cloud Pak 21.0.0 through 21.0.7.18 and 23.0.0 through 23.0.18 could allow an authenticated user to perform unauthorized actions as a privileged user due to improper validation of client-side security enforcement.

CVSS v3 6.5 MEDIUM

6.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://www.ibm.com/support/pages/node/7177587	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:ibm:robotic_process_automation::::::::
	cpe:2.3:a:ibm:robotic_process_automation::::::::
	cpe:2.3:a:ibm:robotic_process_automation_for_cloud_pak::::::::
	cpe:2.3:a:ibm:robotic_process_automation_for_cloud_pak::::::::

History

18 Aug 2025, 17:56

Type	Values Removed	Values Added
References	~~() https://www.ibm.com/support/pages/node/7177587 -~~	() https://www.ibm.com/support/pages/node/7177587 - Vendor Advisory
First Time		Ibm Ibm robotic Process Automation For Cloud Pak Ibm robotic Process Automation
CPE		cpe:2.3:a:ibm:robotic_process_automation:::::::: cpe:2.3:a:ibm:robotic_process_automation_for_cloud_pak::::::::
Summary		(es) IBM Robotic Process Automation 21.0.0 a 21.0.7.18 y 23.0.0 a 23.0.18 e IBM Robotic Process Automation for Cloud Pak 21.0.0 a 21.0.7.18 y 23.0.0 a 23.0.18 podría permitir que un usuario autenticado realice acciones no autorizadas como un usuario privilegiado debido a una validación incorrecta de la aplicación de la seguridad del lado del cliente.
CWE		NVD-CWE-Other

18 Jan 2025, 16:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-01-18 16:15

Updated : 2025-08-18 17:56

NVD link : CVE-2024-49824

Mitre link : CVE-2024-49824

CVE.ORG link : CVE-2024-49824

JSON object : View

Products Affected

ibm

robotic_process_automation
robotic_process_automation_for_cloud_pak

CWE

CWE-602

Client-Side Enforcement of Server-Side Security

NVD-CWE-Other

{"id": "CVE-2024-49824", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "psirt@us.ibm.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2025-01-18T16:15:39.183", "references": [{"url": "https://www.ibm.com/support/pages/node/7177587", "tags": ["Vendor Advisory"], "source": "psirt@us.ibm.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "psirt@us.ibm.com", "description": [{"lang": "en", "value": "CWE-602"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "IBM Robotic Process Automation 21.0.0 through 21.0.7.18 and 23.0.0 through 23.0.18 and \n\nIBM Robotic Process Automation for Cloud Pak 21.0.0 through 21.0.7.18 and 23.0.0 through 23.0.18\n\ncould allow an authenticated user to perform unauthorized actions as a privileged user due to improper validation of client-side security enforcement."}, {"lang": "es", "value": "IBM Robotic Process Automation 21.0.0 a 21.0.7.18 y 23.0.0 a 23.0.18 e IBM Robotic Process Automation for Cloud Pak 21.0.0 a 21.0.7.18 y 23.0.0 a 23.0.18 podr\u00eda permitir que un usuario autenticado realice acciones no autorizadas como un usuario privilegiado debido a una validaci\u00f3n incorrecta de la aplicaci\u00f3n de la seguridad del lado del cliente."}], "lastModified": "2025-08-18T17:56:28.077", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ibm:robotic_process_automation:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F17E6A3B-D7B8-4AAE-88B8-9BF14A81D538", "versionEndExcluding": "21.0.7.19", "versionStartIncluding": "21.0.0"}, {"criteria": "cpe:2.3:a:ibm:robotic_process_automation:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6E64436B-5CE3-4DF8-9808-5BBD00D20506", "versionEndExcluding": "23.0.19", "versionStartIncluding": "23.0.0"}, {"criteria": "cpe:2.3:a:ibm:robotic_process_automation_for_cloud_pak:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EF26EA49-39D9-4943-9F1E-70DE28273743", "versionEndExcluding": "21.0.7.19", "versionStartIncluding": "21.0.0"}, {"criteria": "cpe:2.3:a:ibm:robotic_process_automation_for_cloud_pak:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "02C6BCC6-21FF-4F31-ABB4-CF86020ABF3F", "versionEndExcluding": "23.0.19", "versionStartIncluding": "23.0.0"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@us.ibm.com"}