- Description
- IBM Robotic Process Automation 21.0.0 through 21.0.7.17 and 23.0.0 through 23.0.18 could allow a local user to escalate their privileges. All files in the install inherit the file permissions of the parent directory and therefore a non-privileged user can substitute any executable for the nssm.exe service. A subsequent service or server restart will then run that binary with administrator privilege.
- Source
- psirt@us.ibm.com
- NVD status
- Received
CVSS 3.1
- Type
- Primary
- Base score
- 6.7
- Impact score
- 5.9
- Exploitability score
- 0.8
- Vector string
- CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
- Severity
- MEDIUM
- psirt@us.ibm.com
- CWE-277
- Hype score
- Not currently trending
CVE-2024-51448 IBM Robotic Process Automation 21.0.0 through 21.0.7.17 and 23.0.0 through 23.0.18 could allow a local user to escalate their privileges. All files in the install inh… https://t.co/xOEGSj7lMx
@CVEnew
18 Jan 2025
28 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
New post from https://t.co/uXvPWJy6tj (CVE-2024-51448 | IBM Robotic Process Automation up to 21.0.7.17/23.0.18 nssm.exe insecure inherited permissions) has been published on https://t.co/tN0OjRz5dj
@WolfgangSesin
18 Jan 2025
31 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-51448 Privilege Escalation in IBM RPA via Executable Substitution https://t.co/IyghnDxcSp
@VulmonFeeds
18 Jan 2025
40 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes