CVSS: 6.8EPSS: 0%CPEs: 4EXPL: 0CVE-2024-49824 – IBM Robotic Process Automation security bypass
https://notcve.org/view.php?id=CVE-2024-49824
18 Jan 2025 — IBM Robotic Process Automation 21.0.0 through 21.0.7.18 and 23.0.0 through 23.0.18 and IBM Robotic Process Automation for Cloud Pak 21.0.0 through 21.0.7.18 and 23.0.0 through 23.0.18 could allow an authenticated user to perform unauthorized actions as a privileged user due to improper validation of client-side security enforcement. • https://www.ibm.com/support/pages/node/7177587 • CWE-602: Client-Side Enforcement of Server-Side Security •
CVSS: 6.7EPSS: 0%CPEs: 2EXPL: 0CVE-2024-51448 – IBM Robotic Process Automation privilege escalation
https://notcve.org/view.php?id=CVE-2024-51448
18 Jan 2025 — IBM Robotic Process Automation 21.0.0 through 21.0.7.17 and 23.0.0 through 23.0.18 could allow a local user to escalate their privileges. All files in the install inherit the file permissions of the parent directory and therefore a non-privileged user can substitute any executable for the nssm.exe service. A subsequent service or server restart will then run that binary with administrator privilege. • https://www.ibm.com/support/pages/node/7177586 • CWE-277: Insecure Inherited Permissions •
CVSS: 5.9EPSS: 0%CPEs: 2EXPL: 0CVE-2024-51456 – IBM Robotic Process Automation information disclosure
https://notcve.org/view.php?id=CVE-2024-51456
12 Jan 2025 — IBM Robotic Process Automation 21.0.0 through 21.0.7.19 and 23.0.0 through 23.0.19 could allow a remote attacker to obtain sensitive data that may be exposed through certain crypto-analytic attacks. • https://www.ibm.com/support/pages/node/7180685 • CWE-780: Use of RSA Algorithm without OAEP •
CVSS: 10.0EPSS: 0%CPEs: 3EXPL: 0CVE-2023-43058 – IBM Robotic Process Automation privilege escalation
https://notcve.org/view.php?id=CVE-2023-43058
06 Oct 2023 — IBM Robotic Process Automation 23.0.9 is vulnerable to privilege escalation that affects ownership of projects. IBM X-Force ID: 247527. IBM Robotic Process Automation 23.0.9 es vulnerable a la escalada de privilegios que afecta la propiedad de los proyectos. ID de IBM X-Force: 247527. • https://exchange.xforce.ibmcloud.com/vulnerabilities/267527 •