{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2024-49824","assignerOrgId":"9a959283-ebb5-44b6-b705-dcc2bbced522","state":"PUBLISHED","assignerShortName":"ibm","dateReserved":"2024-10-20T13:40:37.122Z","datePublished":"2025-01-18T15:11:58.522Z","dateUpdated":"2025-01-21T20:58:13.548Z"},"containers":{"cna":{"affected":[{"cpes":["cpe:2.3:a:ibm:robotic_process_automation:21.0.1:*:*:*:*:*:*:*","cpe:2.3:a:ibm:robotic_process_automation:21.0.7.17:*:*:*:*:*:*:*","cpe:2.3:a:ibm:robotic_process_automation:23.0.0:*:*:*:*:*:*:*","cpe:2.3:a:ibm:robotic_process_automation:23.0.18:*:*:*:*:*:*:*"],"defaultStatus":"unaffected","product":"Robotic Process Automation","vendor":"IBM","versions":[{"lessThanOrEqual":"21.0.7.18","status":"affected","version":"21.0.0","versionType":"semver"},{"lessThanOrEqual":"23.0.18","status":"affected","version":"23.0.0","versionType":"semver"}]},{"defaultStatus":"unaffected","product":"Robotic Process Automation for Cloud Pak","vendor":"IBM","versions":[{"lessThanOrEqual":"21.0.7.18","status":"affected","version":"21.0.0","versionType":"semver"},{"lessThanOrEqual":"23.0.18","status":"affected","version":"23.0.0","versionType":"semver"}]}],"descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"<span style=\"background-color: rgb(255, 255, 255);\">\n\n<span style=\"background-color: rgb(255, 255, 255);\">\n\n<span style=\"background-color: rgb(255, 255, 255);\">IBM Robotic Process Automation 21.0.0 through 21.0.7.18 and 23.0.0 through 23.0.18 and \n\nIBM Robotic Process Automation for Cloud Pak 21.0.0 through 21.0.7.18 and 23.0.0 through 23.0.18\n\ncould allow an authenticated user to perform unauthorized actions as a privileged user due to improper validation of client-side security enforcement.</span>\n\n</span></span>"}],"value":"IBM Robotic Process Automation 21.0.0 through 21.0.7.18 and 23.0.0 through 23.0.18 and \n\nIBM Robotic Process Automation for Cloud Pak 21.0.0 through 21.0.7.18 and 23.0.0 through 23.0.18\n\ncould allow an authenticated user to perform unauthorized actions as a privileged user due to improper validation of client-side security enforcement."}],"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":6.5,"baseSeverity":"MEDIUM","confidentialityImpact":"NONE","integrityImpact":"HIGH","privilegesRequired":"LOW","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N","version":"3.1"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-602","description":"CWE-602 Client-Side Enforcement of Server-Side Security","lang":"en","type":"CWE"}]}],"providerMetadata":{"orgId":"9a959283-ebb5-44b6-b705-dcc2bbced522","shortName":"ibm","dateUpdated":"2025-01-18T15:11:58.522Z"},"references":[{"url":"https://www.ibm.com/support/pages/node/7177587"}],"source":{"discovery":"UNKNOWN"},"title":"IBM Robotic Process Automation security bypass","x_generator":{"engine":"Vulnogram 0.2.0"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2025-01-21T20:58:08.747873Z","id":"CVE-2024-49824","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-01-21T20:58:13.548Z"}}]}}