{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-49824", "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "state": "PUBLISHED", "assignerShortName": "ibm", "dateReserved": "2024-10-20T13:40:37.122Z", "datePublished": "2025-01-18T15:11:58.522Z", "dateUpdated": "2025-01-21T20:58:13.548Z"}, "containers": {"cna": {"affected": [{"cpes": ["cpe:2.3:a:ibm:robotic_process_automation:21.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:robotic_process_automation:21.0.7.17:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:robotic_process_automation:23.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:robotic_process_automation:23.0.18:*:*:*:*:*:*:*"], "defaultStatus": "unaffected", "product": "Robotic Process Automation", "vendor": "IBM", "versions": [{"lessThanOrEqual": "21.0.7.18", "status": "affected", "version": "21.0.0", "versionType": "semver"}, {"lessThanOrEqual": "23.0.18", "status": "affected", "version": "23.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "Robotic Process Automation for Cloud Pak", "vendor": "IBM", "versions": [{"lessThanOrEqual": "21.0.7.18", "status": "affected", "version": "21.0.0", "versionType": "semver"}, {"lessThanOrEqual": "23.0.18", "status": "affected", "version": "23.0.0", "versionType": "semver"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">\n\n<span style=\"background-color: rgb(255, 255, 255);\">\n\n<span style=\"background-color: rgb(255, 255, 255);\">IBM Robotic Process Automation 21.0.0 through 21.0.7.18 and 23.0.0 through 23.0.18 and \n\nIBM Robotic Process Automation for Cloud Pak 21.0.0 through 21.0.7.18 and 23.0.0 through 23.0.18\n\ncould allow an authenticated user to perform unauthorized actions as a privileged user due to improper validation of client-side security enforcement.</span>\n\n</span></span>"}], "value": "IBM Robotic Process Automation 21.0.0 through 21.0.7.18 and 23.0.0 through 23.0.18 and \n\nIBM Robotic Process Automation for Cloud Pak 21.0.0 through 21.0.7.18 and 23.0.0 through 23.0.18\n\ncould allow an authenticated user to perform unauthorized actions as a privileged user due to improper validation of client-side security enforcement."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-602", "description": "CWE-602 Client-Side Enforcement of Server-Side Security", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm", "dateUpdated": "2025-01-18T15:11:58.522Z"}, "references": [{"url": "https://www.ibm.com/support/pages/node/7177587"}], "source": {"discovery": "UNKNOWN"}, "title": "IBM Robotic Process Automation security bypass", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-01-21T20:58:08.747873Z", "id": "CVE-2024-49824", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-01-21T20:58:13.548Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-49824", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-01-21T20:58:08.747873Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-01-21T20:57:57.736Z"}}], "cna": {"title": "IBM Robotic Process Automation security bypass", "source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"cpes": ["cpe:2.3:a:ibm:robotic_process_automation:21.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:robotic_process_automation:21.0.7.17:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:robotic_process_automation:23.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:robotic_process_automation:23.0.18:*:*:*:*:*:*:*"], "vendor": "IBM", "product": "Robotic Process Automation", "versions": [{"status": "affected", "version": "21.0.0", "versionType": "semver", "lessThanOrEqual": "21.0.7.18"}, {"status": "affected", "version": "23.0.0", "versionType": "semver", "lessThanOrEqual": "23.0.18"}], "defaultStatus": "unaffected"}, {"vendor": "IBM", "product": "Robotic Process Automation for Cloud Pak", "versions": [{"status": "affected", "version": "21.0.0", "versionType": "semver", "lessThanOrEqual": "21.0.7.18"}, {"status": "affected", "version": "23.0.0", "versionType": "semver", "lessThanOrEqual": "23.0.18"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://www.ibm.com/support/pages/node/7177587"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "IBM Robotic Process Automation 21.0.0 through 21.0.7.18 and 23.0.0 through 23.0.18 and \n\nIBM Robotic Process Automation for Cloud Pak 21.0.0 through 21.0.7.18 and 23.0.0 through 23.0.18\n\ncould allow an authenticated user to perform unauthorized actions as a privileged user due to improper validation of client-side security enforcement.", "supportingMedia": [{"type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">\n\n<span style=\"background-color: rgb(255, 255, 255);\">\n\n<span style=\"background-color: rgb(255, 255, 255);\">IBM Robotic Process Automation 21.0.0 through 21.0.7.18 and 23.0.0 through 23.0.18 and \n\nIBM Robotic Process Automation for Cloud Pak 21.0.0 through 21.0.7.18 and 23.0.0 through 23.0.18\n\ncould allow an authenticated user to perform unauthorized actions as a privileged user due to improper validation of client-side security enforcement.</span>\n\n</span></span>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-602", "description": "CWE-602 Client-Side Enforcement of Server-Side Security"}]}], "providerMetadata": {"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm", "dateUpdated": "2025-01-18T15:11:58.522Z"}}}, "cveMetadata": {"cveId": "CVE-2024-49824", "state": "PUBLISHED", "dateUpdated": "2025-01-21T20:58:13.548Z", "dateReserved": "2024-10-20T13:40:37.122Z", "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "datePublished": "2025-01-18T15:11:58.522Z", "assignerShortName": "ibm"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ibm:robotic_process_automation:*:*:*:*:*:*:*:*", "matchCriteriaId": "F17E6A3B-D7B8-4AAE-88B8-9BF14A81D538", "versionEndExcluding": "21.0.7.19", "versionStartIncluding": "21.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:robotic_process_automation:*:*:*:*:*:*:*:*", "matchCriteriaId": "6E64436B-5CE3-4DF8-9808-5BBD00D20506", "versionEndExcluding": "23.0.19", "versionStartIncluding": "23.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:robotic_process_automation_for_cloud_pak:*:*:*:*:*:*:*:*", "matchCriteriaId": "EF26EA49-39D9-4943-9F1E-70DE28273743", "versionEndExcluding": "21.0.7.19", "versionStartIncluding": "21.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:robotic_process_automation_for_cloud_pak:*:*:*:*:*:*:*:*", "matchCriteriaId": "02C6BCC6-21FF-4F31-ABB4-CF86020ABF3F", "versionEndExcluding": "23.0.19", "versionStartIncluding": "23.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "IBM Robotic Process Automation 21.0.0 through 21.0.7.18 and 23.0.0 through 23.0.18 and \n\nIBM Robotic Process Automation for Cloud Pak 21.0.0 through 21.0.7.18 and 23.0.0 through 23.0.18\n\ncould allow an authenticated user to perform unauthorized actions as a privileged user due to improper validation of client-side security enforcement."}, {"lang": "es", "value": "IBM Robotic Process Automation 21.0.0 a 21.0.7.18 y 23.0.0 a 23.0.18 e IBM Robotic Process Automation for Cloud Pak 21.0.0 a 21.0.7.18 y 23.0.0 a 23.0.18 podr\u00eda permitir que un usuario autenticado realice acciones no autorizadas como un usuario privilegiado debido a una validaci\u00f3n incorrecta de la aplicaci\u00f3n de la seguridad del lado del cliente."}], "id": "CVE-2024-49824", "lastModified": "2025-08-18T17:56:28.077", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "psirt@us.ibm.com", "type": "Primary"}]}, "published": "2025-01-18T16:15:39.183", "references": [{"source": "psirt@us.ibm.com", "tags": ["Vendor Advisory"], "url": "https://www.ibm.com/support/pages/node/7177587"}], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-602"}], "source": "psirt@us.ibm.com", "type": "Primary"}, {"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}