Home

Description

IBM Robotic Process Automation and Robotic Process Automation for Cloud Pak 21.0.0 through 21.0.7.20 and 23.0.0 through 23.0.20 does not invalidate session after a logout which could allow an authenticated user to impersonate another user on the system.

PUBLISHED Reserved 2024-10-20 | Published 2025-04-14 | Updated 2025-09-01 | Assigner ibm




MEDIUM: 6.3CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Problem types

CWE-613 Insufficient Session Expiration

Product status

Default status
unaffected

21.0.0 (semver)
affected

23.0.0 (semver)
affected

Default status
unaffected

21.0.0 (semver)
affected

23.0.0 (semver)
affected

References

www.ibm.com/support/pages/node/7230848 vendor-advisory patch

cve.org (CVE-2024-49825)

nvd.nist.gov (CVE-2024-49825)

Download JSON