Skip to main content

Robotic Process Automation For Cloud Pak CVE-2024-51457

MEDIUM
Cross-site Scripting (XSS) (CWE-79)
2025-01-22 psirt@us.ibm.com
4.4
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
4.4 MEDIUM
AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N
Attack Vector
Network
Attack Complexity
High
Privileges Required
Low
User Interaction
Required
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
None

Lifecycle Timeline

2
Analysis Generated
Mar 28, 2026 - 18:05 vuln.today
CVE Published
Jan 22, 2025 - 17:15 nvd
MEDIUM 4.4

DescriptionCVE.org

IBM Robotic Process Automation for Cloud Pak 21.0.0 through 21.0.7.19 and 23.0.0 through 23.0.19 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

AnalysisAI

IBM Robotic Process Automation for Cloud Pak 21.0.0 through 21.0.7.19 and 23.0.0 through 23.0.19 is vulnerable to cross-site scripting. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Cross-Site Scripting (XSS) (CWE-79), which allows attackers to inject malicious scripts into web pages viewed by other users. IBM Robotic Process Automation for Cloud Pak 21.0.0 through 21.0.7.19 and 23.0.0 through 23.0.19 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. Affected products include: Ibm Robotic Process Automation For Cloud Pak. Version information: through 21.0.7.19.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Sanitize all user input, use Content-Security-Policy headers, encode output contextually (HTML, JS, URL). Use frameworks with built-in XSS protection.

CVE-2023-43058 CRITICAL
9.8 Oct 06

IBM Robotic Process Automation 23.0.9 is vulnerable to privilege escalation that affects ownership of projects. Rated cr

CVE-2022-35280 CRITICAL
9.8 Aug 10

IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 does not require that users should have strong passwords by de

CVE-2023-22592 HIGH
7.8 Jan 18

IBM Robotic Process Automation for Cloud Pak 21.0.1 through 21.0.4 could allow a local user to perform unauthorized acti

CVE-2022-43574 HIGH
7.5 Nov 03

"IBM Robotic Process Automation 21.0.1, 21.0.2, 21.0.3, 21.0.4, and 21.0.5 is vulnerable to incorrect permission assignm

CVE-2022-39168 HIGH
7.5 Sep 29

IBM Robotic Process Automation Clients are vulnerable to proxy credentials being exposed in upgrade logs. Rated high sev

CVE-2023-45189 MEDIUM
6.5 Nov 03

A vulnerability in IBM Robotic Process Automation and IBM Robotic Process Automation for Cloud Pak 21.0.0 through 21.0.7

CVE-2023-23476 MEDIUM
6.5 Aug 02

IBM Robotic Process Automation 21.0.0 through 21.0.7.latest is vulnerable to unauthorized access to data due to insuffic

CVE-2023-25680 MEDIUM
6.5 Mar 15

IBM Robotic Process Automation 21.0.1 through 21.0.5 is vulnerable to insufficiently protecting credentials. Rated mediu

CVE-2024-49825 MEDIUM
6.3 Apr 14

IBM Robotic Process Automation and Robotic Process Automation for Cloud Pak 21.0.0 through 21.0.7.20 and 23.0.0 through

CVE-2022-38709 MEDIUM
6.1 Oct 06

IBM Robotic Process Automation 21.0.1, 21.0.2, and 21.0.3 for Cloud Pak is vulnerable to cross-site scripting. Rated med

CVE-2023-22863 MEDIUM
5.9 Jan 18

IBM Robotic Process Automation 20.12.0 through 21.0.2 defaults to HTTP in some RPA commands when the prefix is not expli

CVE-2023-22594 MEDIUM
5.4 Jan 18

IBM Robotic Process Automation for Cloud Pak 20.12.0 through 21.0.4 is vulnerable to cross-site scripting. Rated medium

Share

CVE-2024-51457 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy