A newly disclosed security vulnerability in IBM Robotic Process Automation (RPA) has raised concerns about potential data breaches.
The vulnerability, tracked as CVE-2024-51456, could allow remote attackers to exploit cryptographic weaknesses and access sensitive information.
IBM has released a security bulletin detailing the issue, along with remediation measures to address the risk.
IBM Robotic Process Automation Vulnerability
The vulnerability arises from an insecure implementation of the RSA algorithm without Optimal Asymmetric Encryption Padding (OAEP), classified under CWE-780 (Use of RSA Algorithm without OAEP).
By exploiting this weakness, a remote attacker could carry out a cryptanalytic attack to intercept or retrieve sensitive data processed by the affected software.
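Why CWE-780 matters, as an added example that is not IBM's code or part of the bulletin: it contrasts RSA with no padding against RSA with OAEP (RFC 8017) and checks whether repeated encryptions of one message are distinguishable. It assumes the unpadded case as the simplest instance of CWE-780 (the bulletin does not say which non-OAEP mode the product used); the key, function names and sample message are constructed for illustration.

```python
import hashlib
import os

# Constructed demo key built from two known Mersenne primes. Illustration only:
# it is not a secure key, and real code should use a vetted crypto library.
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537
K = (N.bit_length() + 7) // 8          # modulus length in bytes (141)
HLEN = hashlib.sha256().digest_size    # 32

def _rsa_public(block: bytes) -> bytes:
    """Raw RSA public-key operation: block^E mod N."""
    m = int.from_bytes(block, "big")
    if m >= N:
        raise ValueError("message representative out of range")
    return pow(m, E, N).to_bytes(K, "big")

def encrypt_unpadded(msg: bytes) -> bytes:
    """RSA with no padding: the CWE-780 pattern in its simplest form."""
    return _rsa_public(msg)

def _mgf1(seed: bytes, length: int) -> bytes:
    """MGF1 mask generation function from RFC 8017, using SHA-256."""
    out = b""
    for counter in range((length + HLEN - 1) // HLEN):
        out += hashlib.sha256(seed + counter.to_bytes(4, "big")).digest()
    return out[:length]

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def encrypt_oaep(msg: bytes, label: bytes = b"") -> bytes:
    """RSAES-OAEP encoding (RFC 8017, section 7.1.1) followed by raw RSA."""
    if len(msg) > K - 2 * HLEN - 2:
        raise ValueError("message too long for OAEP with this key")
    pad = b"\x00" * (K - len(msg) - 2 * HLEN - 2)
    db = hashlib.sha256(label).digest() + pad + b"\x01" + msg
    seed = os.urandom(HLEN)                      # fresh randomness per message
    masked_db = _xor(db, _mgf1(seed, K - HLEN - 1))
    masked_seed = _xor(seed, _mgf1(masked_db, HLEN))
    return _rsa_public(b"\x00" + masked_seed + masked_db)

def is_deterministic(encrypt, msg: bytes, rounds: int = 5) -> bool:
    """True if encrypting the same message always yields the same ciphertext."""
    return len({encrypt(msg) for _ in range(rounds)}) == 1
```

A check like `is_deterministic` can serve as a regression test around any RSA encryption wrapper: a deterministic result means equal plaintexts are visible as equal ciphertexts on the wire.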
The vulnerability, identified as CVE-2024-51456, has been assigned a CVSS Base Score of 5.9, indicating moderate severity.
Its vector is defined as CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N, reflecting a network-based attack with high attack complexity, requiring no privileges or user interaction.
The primary impact is on confidentiality, rated as high, while there is no effect on integrity or availability.
Affected Products and Versions
The vulnerability affects multiple versions of IBM Robotic Process Automation for both standalone deployments and deployments with IBM Cloud Pak. A detailed breakdown is provided in the table below:
Affected Product | Version(s) |
IBM Robotic Process Automation | 21.0.0 – 21.0.7.19, 23.0.0 – 23.0.19 |
IBM Robotic Process Automation for Cloud Pak | 21.0.0 – 21.0.7.19, 23.0.0 – 23.0.19 |
IBM has addressed the vulnerability by releasing updated versions of its affected products. Users are strongly recommended to upgrade to version 23.0.20 or later to eliminate the risk posed by CVE-2024-51456.
For those using IBM Robotic Process Automation (RPA) versions 23.0.0 to 23.0.19, the fix involves downloading the updated release and following IBM's remediation instructions.
Similarly, users of IBM Robotic Process Automation for Cloud Pak within the same version range should update to version 23.0.20 or higher.
For older versions, specifically 21.0.0 to 21.0.7.19, IBM has provided detailed mitigation steps as a temporary measure until the software can be upgraded to a secure version.
Applying these remedies promptly is essential for protecting sensitive data and ensuring the security of the organization's automation workflows.