Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2024-49825

IBM Robotic Process Automation and Robotic Process Automation for Cloud Pak 21.0.0 through 21.0.7.20 and 23.0.0 through 23.0.20 does not invalidate session after a logout which could allow an authenticated user to impersonate another user on the system.

Published

2025-04-14T15:15:23.627

Last Modified

2025-08-19T16:49:41.707

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 6.3 (MEDIUM)

Weaknesses

Type: Secondary
CWE-613

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	ibm	robotic_process_automation	≤ 21.0.7.20	Yes
Application	ibm	robotic_process_automation	≤ 23.0.20	Yes
Application	ibm	robotic_process_automation_for_cloud_pak	≤ 21.0.7.20	Yes
Application	ibm	robotic_process_automation_for_cloud_pak	≤ 23.0.20	Yes

References

https://www.ibm.com/support/pages/node/7230848 Vendor Advisory ([email protected])