{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-51448", "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "state": "PUBLISHED", "assignerShortName": "ibm", "dateReserved": "2024-10-28T10:49:59.191Z", "datePublished": "2025-01-18T15:08:42.484Z", "dateUpdated": "2025-01-21T20:58:29.659Z"}, "containers": {"cna": {"affected": [{"cpes": ["cpe:2.3:a:ibm:robotic_process_automation:21.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:robotic_process_automation:21.0.7.17:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:robotic_process_automation:23.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:robotic_process_automation:23.0.18:*:*:*:*:*:*:*"], "defaultStatus": "unaffected", "product": "Robotic Process Automation", "vendor": "IBM", "versions": [{"lessThanOrEqual": "21.0.7.17", "status": "affected", "version": "21.0.0", "versionType": "semver"}, {"lessThanOrEqual": "23.0.18", "status": "affected", "version": "23.0.0", "versionType": "semver"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">\n\n<span style=\"background-color: rgb(255, 255, 255);\">IBM Robotic Process Automation 21.0.0 through 21.0.7.17 and 23.0.0 through 23.0.18 could allow a local user to escalate their privileges. All files in the install inherit the file permissions of the parent directory and therefore a non-privileged user can substitute any executable for the nssm.exe service. A subsequent service or server restart will then run that binary with administrator privilege.</span></span>"}], "value": "IBM Robotic Process Automation 21.0.0 through 21.0.7.17 and 23.0.0 through 23.0.18 could allow a local user to escalate their privileges. All files in the install inherit the file permissions of the parent directory and therefore a non-privileged user can substitute any executable for the nssm.exe service. A subsequent service or server restart will then run that binary with administrator privilege."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-277", "description": "CWE-277 Insecure Inherited Permissions", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm", "dateUpdated": "2025-01-18T15:08:42.484Z"}, "references": [{"url": "https://www.ibm.com/support/pages/node/7177586"}], "source": {"discovery": "UNKNOWN"}, "title": "IBM Robotic Process Automation privilege escalation", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-01-21T20:58:27.463452Z", "id": "CVE-2024-51448", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-01-21T20:58:29.659Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-51448", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-01-21T20:58:27.463452Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-01-21T20:58:22.059Z"}}], "cna": {"title": "IBM Robotic Process Automation privilege escalation", "source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.7, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"cpes": ["cpe:2.3:a:ibm:robotic_process_automation:21.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:robotic_process_automation:21.0.7.17:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:robotic_process_automation:23.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:robotic_process_automation:23.0.18:*:*:*:*:*:*:*"], "vendor": "IBM", "product": "Robotic Process Automation", "versions": [{"status": "affected", "version": "21.0.0", "versionType": "semver", "lessThanOrEqual": "21.0.7.17"}, {"status": "affected", "version": "23.0.0", "versionType": "semver", "lessThanOrEqual": "23.0.18"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://www.ibm.com/support/pages/node/7177586"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "IBM Robotic Process Automation 21.0.0 through 21.0.7.17 and 23.0.0 through 23.0.18 could allow a local user to escalate their privileges. All files in the install inherit the file permissions of the parent directory and therefore a non-privileged user can substitute any executable for the nssm.exe service. A subsequent service or server restart will then run that binary with administrator privilege.", "supportingMedia": [{"type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">\n\n<span style=\"background-color: rgb(255, 255, 255);\">IBM Robotic Process Automation 21.0.0 through 21.0.7.17 and 23.0.0 through 23.0.18 could allow a local user to escalate their privileges. All files in the install inherit the file permissions of the parent directory and therefore a non-privileged user can substitute any executable for the nssm.exe service. A subsequent service or server restart will then run that binary with administrator privilege.</span></span>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-277", "description": "CWE-277 Insecure Inherited Permissions"}]}], "providerMetadata": {"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm", "dateUpdated": "2025-01-18T15:08:42.484Z"}}}, "cveMetadata": {"cveId": "CVE-2024-51448", "state": "PUBLISHED", "dateUpdated": "2025-01-21T20:58:29.659Z", "dateReserved": "2024-10-28T10:49:59.191Z", "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "datePublished": "2025-01-18T15:08:42.484Z", "assignerShortName": "ibm"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ibm:robotic_process_automation:*:*:*:*:*:*:*:*", "matchCriteriaId": "DD5A94A8-24DB-4F6F-A629-031BD4BDB7F3", "versionEndIncluding": "21.0.7.17", "versionStartIncluding": "21.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:robotic_process_automation:*:*:*:*:*:*:*:*", "matchCriteriaId": "4641E270-157D-4040-901F-8EC5BC13961C", "versionEndIncluding": "23.0.18", "versionStartIncluding": "23.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "IBM Robotic Process Automation 21.0.0 through 21.0.7.17 and 23.0.0 through 23.0.18 could allow a local user to escalate their privileges. All files in the install inherit the file permissions of the parent directory and therefore a non-privileged user can substitute any executable for the nssm.exe service. A subsequent service or server restart will then run that binary with administrator privilege."}, {"lang": "es", "value": "IBM Robotic Process Automation 21.0.0 a 21.0.7.17 y 23.0.0 a 23.0.18 podr\u00edan permitir que un usuario local aumente sus privilegios. Todos los archivos de la instalaci\u00f3n heredan los permisos de archivo del directorio principal y, por lo tanto, un usuario sin privilegios puede sustituir cualquier ejecutable por el servicio nssm.exe. Un reinicio posterior del servicio o del servidor ejecutar\u00e1 ese binario con privilegios de administrador."}], "id": "CVE-2024-51448", "lastModified": "2025-03-25T14:06:48.877", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 0.8, "impactScore": 5.9, "source": "psirt@us.ibm.com", "type": "Primary"}]}, "published": "2025-01-18T15:15:08.183", "references": [{"source": "psirt@us.ibm.com", "tags": ["Vendor Advisory"], "url": "https://www.ibm.com/support/pages/node/7177586"}], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-277"}], "source": "psirt@us.ibm.com", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-732"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}