CVSS: 6.8EPSS: 0%CPEs: 4EXPL: 0CVE-2024-49824 – IBM Robotic Process Automation security bypass
https://notcve.org/view.php?id=CVE-2024-49824
18 Jan 2025 — IBM Robotic Process Automation 21.0.0 through 21.0.7.18 and 23.0.0 through 23.0.18 and IBM Robotic Process Automation for Cloud Pak 21.0.0 through 21.0.7.18 and 23.0.0 through 23.0.18 could allow an authenticated user to perform unauthorized actions as a privileged user due to improper validation of client-side security enforcement. • https://www.ibm.com/support/pages/node/7177587 • CWE-602: Client-Side Enforcement of Server-Side Security •
CVSS: 6.7EPSS: 0%CPEs: 2EXPL: 0CVE-2024-51448 – IBM Robotic Process Automation privilege escalation
https://notcve.org/view.php?id=CVE-2024-51448
18 Jan 2025 — IBM Robotic Process Automation 21.0.0 through 21.0.7.17 and 23.0.0 through 23.0.18 could allow a local user to escalate their privileges. All files in the install inherit the file permissions of the parent directory and therefore a non-privileged user can substitute any executable for the nssm.exe service. A subsequent service or server restart will then run that binary with administrator privilege. • https://www.ibm.com/support/pages/node/7177586 • CWE-277: Insecure Inherited Permissions •
CVSS: 5.9EPSS: 0%CPEs: 2EXPL: 0CVE-2024-51456 – IBM Robotic Process Automation information disclosure
https://notcve.org/view.php?id=CVE-2024-51456
12 Jan 2025 — IBM Robotic Process Automation 21.0.0 through 21.0.7.19 and 23.0.0 through 23.0.19 could allow a remote attacker to obtain sensitive data that may be exposed through certain crypto-analytic attacks. • https://www.ibm.com/support/pages/node/7180685 • CWE-780: Use of RSA Algorithm without OAEP •
CVSS: 10.0EPSS: 0%CPEs: 3EXPL: 0CVE-2023-43058 – IBM Robotic Process Automation privilege escalation
https://notcve.org/view.php?id=CVE-2023-43058
06 Oct 2023 — IBM Robotic Process Automation 23.0.9 is vulnerable to privilege escalation that affects ownership of projects. IBM X-Force ID: 247527. IBM Robotic Process Automation 23.0.9 es vulnerable a la escalada de privilegios que afecta la propiedad de los proyectos. ID de IBM X-Force: 247527. • https://exchange.xforce.ibmcloud.com/vulnerabilities/267527 •
CVSS: 5.3EPSS: 0%CPEs: 4EXPL: 0CVE-2023-38718 – IBM Robotic Process Automation information disclosure
https://notcve.org/view.php?id=CVE-2023-38718
20 Sep 2023 — IBM Robotic Process Automation 21.0.0 through 21.0.7.8 could disclose sensitive information from access to RPA scripts, workflows and related data. IBM X-Force ID: 261606. IBM Robotic Process Automation 21.0.0 a 21.0.7.8 podría revelar información sensible procedente del acceso a scripts de RPA, flujos de trabajo y datos relacionados. ID de IBM X-Force: 261606. • https://exchange.xforce.ibmcloud.com/vulnerabilities/261606 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 0CVE-2023-38733 – IBM Robotic Process Automation information disclosure
https://notcve.org/view.php?id=CVE-2023-38733
22 Aug 2023 — IBM Robotic Process Automation 21.0.0 through 21.0.7.1 and 23.0.0 through 23.0.1 server could allow an authenticated user to view sensitive information from installation logs. IBM X-Force Id: 262293. • https://exchange.xforce.ibmcloud.com/vulnerabilities/262293 • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 10.0EPSS: 0%CPEs: 5EXPL: 0CVE-2023-38734 – IBM Robotic Process Automation privilege escalation
https://notcve.org/view.php?id=CVE-2023-38734
22 Aug 2023 — IBM Robotic Process Automation 21.0.0 through 21.0.7.1 and 23.0.0 through 23.0.1 is vulnerable to incorrect privilege assignment when importing users from an LDAP directory. IBM X-Force ID: 262481. • https://exchange.xforce.ibmcloud.com/vulnerabilities/262481 • CWE-269: Improper Privilege Management •
CVSS: 6.8EPSS: 0%CPEs: 2EXPL: 0CVE-2023-23476 – IBM Robotic Process Automation information disclosure
https://notcve.org/view.php?id=CVE-2023-23476
02 Aug 2023 — IBM Robotic Process Automation 21.0.0 through 21.0.7.latest is vulnerable to unauthorized access to data due to insufficient authorization validation on some API routes. IBM X-Force ID: 245425. IBM Robotic Process Automation v21.0.0 a 21.0.7.latest es vulnerable al acceso no autorizado a datos debido a una validación de autorización insuficiente en algunas rutas API. ID de IBM X-Force: 245425. • https://exchange.xforce.ibmcloud.com/vulnerabilities/245425 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-863: Incorrect Authorization •
CVSS: 5.3EPSS: 0%CPEs: 8EXPL: 0CVE-2023-35900 – IBM Robotic Process Automation information disclosure
https://notcve.org/view.php?id=CVE-2023-35900
19 Jul 2023 — IBM Robotic Process Automation for Cloud Pak 21.0.0 through 21.0.7.4 and 23.0.0 through 23.0.5 is vulnerable to disclosing server version information which may be used to determine software vulnerabilities at the operating system level. IBM X-Force ID: 259368. • https://exchange.xforce.ibmcloud.com/vulnerabilities/259368 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.3EPSS: 0%CPEs: 7EXPL: 0CVE-2023-35901 – IBM Robotic Process Automation security bypass
https://notcve.org/view.php?id=CVE-2023-35901
16 Jul 2023 — IBM Robotic Process Automation 21.0.0 through 21.0.7.6 and 23.0.0 through 23.0.6 is vulnerable to client side validation bypass which could allow invalid changes or values in some fields. IBM X-Force ID: 259380. • https://exchange.xforce.ibmcloud.com/vulnerabilities/259380 • CWE-287: Improper Authentication •