Cyber Security News

IBM Robotic Process Automation Vulnerability Let Attackers Obtain Sensitive Data

A newly disclosed security vulnerability in IBM Robotic Process Automation (RPA) has raised concerns about potential data breaches.

The vulnerability, tracked as CVE-2024-51456, could allow remote attackers to exploit cryptographic weaknesses and access sensitive information.

IBM has released a security bulletin detailing the issue, alongside remediation measures to address the risk.

IBM Robotic Process Automation Vulnerability

The vulnerability arises due to the insecure implementation of the RSA algorithm without Optimal Asymmetric Encryption Padding (OAEP), classified under CWE-780 (Use of RSA Algorithm without OAEP).

By exploiting this weakness, a remote attacker may execute a crypto-analytic attack to intercept or retrieve sensitive data processed by the affected software.

Investigate Real-World Malicious Links, Malware & Phishing Attacks With ANY.RUN – Try for Free

The vulnerability, identified as CVE-2024-51456, has been assigned a CVSS Base Score of 5.9, indicating moderate severity.

Its vector is defined as CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N, reflecting a network-based attack with high attack complexity, requiring no privileges or user interaction.

The primary impact is on confidentiality, rated as high, while there is no effect on integrity or availability.

Affected Products and Versions

The vulnerability affects several versions of IBM Robotic Process Automation for both standalone deployments and deployments with IBM Cloud Pak. A detailed breakdown is provided in the table below:

Affected ProductVersion(s)
IBM Robotic Process Automation21.0.0 – 21.0.7.19, 23.0.0 – 23.0.19
IBM Robotic Process Automation for Cloud Pak21.0.0 – 21.0.7.19, 23.0.0 – 23.0.19

IBM has addressed the vulnerability by releasing updated versions of its affected products. Users are strongly recommended to upgrade to version 23.0.20 or later to eliminate the risk posed by CVE-2024-51456.

For those using IBM Robotic Process Automation (RPA) versions 23.0.0 to 23.0.19, the fix involves downloading the updated release and following IBM’s remediation instructions.

Similarly, users of IBM Robotic Process Automation for Cloud Pak within the same version range should update to version 23.0.20 or higher.

For older versions, specifically 21.0.0 to 21.0.7.19, IBM has provided detailed mitigation steps as a temporary measure until the software can be upgraded to a secure version.

Applying these remedies promptly is essential for protecting sensitive data and ensuring the security of the organization’s automation workflows.

Find this News Interesting! Follow us on Google NewsLinkedIn, and X to Get Instant Updates!

Divya

Divya is a Senior Journalist at GBhackers covering Cyber Attacks, Threats, Breaches, Vulnerabilities and other happenings in the cyber world.

Recent Posts

Oracle Reports Data Breach, Initiates Client Notifications

Oracle Corporation has confirmed a data breach involving its older Gen 1 servers, marking its…

25 minutes ago

Vite Development Server Flaw Allows Attackers Bypass Path Restrictions

A critical security vulnerability, CVE-2025-31125, has been identified in the Vite development server. Due to improper…

1 hour ago

New Android Spyware Tricks Users by Demanding Passwords for Uninstallation

A newly identified Android spyware app is elevating its tactics to remain hidden and unremovable…

2 hours ago

Malicious PDFs Responsible for 22% of All Email-Based Cyber Threats

Malicious PDF files have emerged as a dominant threat vector in email-based cyberattacks, accounting for…

2 hours ago

Ex-ASML Russian Employee Smuggled Trade Secrets to Moscow via USB

A former employee of Dutch semiconductor firm ASML, identified as German A. (43), stands accused…

4 hours ago

Critical Apache Parquet Vulnerability Allows Remote Code Execution

A severe vulnerability has been identified in the Apache Parquet Java library, specifically within its parquet-avro module.…

4 hours ago