A newly disclosed security vulnerability in IBM Robotic Process Automation (RPA) has raised concerns about potential data breaches.
The vulnerability, tracked as CVE-2024-51456, could allow remote attackers to exploit cryptographic weaknesses and access sensitive information.
IBM has released a security bulletin detailing the issue, alongside remediation measures to address the risk.
IBM Robotic Process Automation Vulnerability
The vulnerability arises due to the insecure implementation of the RSA algorithm without Optimal Asymmetric Encryption Padding (OAEP), classified under CWE-780 (Use of RSA Algorithm without OAEP).
By exploiting this weakness, a remote attacker may execute a crypto-analytic attack to intercept or retrieve sensitive data processed by the affected software.
Investigate Real-World Malicious Links, Malware & Phishing Attacks With ANY.RUN – Try for Free
The vulnerability, identified as CVE-2024-51456, has been assigned a CVSS Base Score of 5.9, indicating moderate severity.
Its vector is defined as CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N, reflecting a network-based attack with high attack complexity, requiring no privileges or user interaction.
The primary impact is on confidentiality, rated as high, while there is no effect on integrity or availability.
Affected Products and Versions
The vulnerability affects several versions of IBM Robotic Process Automation for both standalone deployments and deployments with IBM Cloud Pak. A detailed breakdown is provided in the table below:
| Affected Product | Version(s) |
| IBM Robotic Process Automation | 21.0.0 – 21.0.7.19, 23.0.0 – 23.0.19 |
| IBM Robotic Process Automation for Cloud Pak | 21.0.0 – 21.0.7.19, 23.0.0 – 23.0.19 |
IBM has addressed the vulnerability by releasing updated versions of its affected products. Users are strongly recommended to upgrade to version 23.0.20 or later to eliminate the risk posed by CVE-2024-51456.
For those using IBM Robotic Process Automation (RPA) versions 23.0.0 to 23.0.19, the fix involves downloading the updated release and following IBM’s remediation instructions.
Similarly, users of IBM Robotic Process Automation for Cloud Pak within the same version range should update to version 23.0.20 or higher.
For older versions, specifically 21.0.0 to 21.0.7.19, IBM has provided detailed mitigation steps as a temporary measure until the software can be upgraded to a secure version.
Applying these remedies promptly is essential for protecting sensitive data and ensuring the security of the organization’s automation workflows.
Find this News Interesting! Follow us on Google News, LinkedIn, and X to Get Instant Updates!