Privilege Escalation in IBM Robotic Process Automation Using PostgreSQL
CVE-2019-4298

7.7HIGH

Key Information:

Vendor: IBM
Status: Robotic Process Automation With Automation Anywhere
Vendor: CVE Published:; 1 July 2019

What is CVE-2019-4298?

IBM Robotic Process Automation with Automation Anywhere 11 utilizes a high-privilege PostgreSQL account for database access. This configuration flaw permits a local user to execute actions that exceed their authorized privileges, posing a significant security risk. It is crucial for organizations using this product to closely monitor and restrict access to sensitive database functionalities to mitigate potential exploitation.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Robotic Process Automation with Automation Anywhere 11

References

http://www.ibm.com/support/docview.wss?uid=ibm10884820

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/160764

vdb-entryx_refsource_XF

CVSS V3.1

Score:

7.7

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 1, 2019
Vulnerability Reserved
Jan 3, 2019

JSON

IBM

What is CVE-2019-4298?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.