Privilege Escalation in IBM Robotic Process Automation Using PostgreSQL
CVE-2019-4298

7.7HIGH

Key Information:

Vendor: IBM
Status: Robotic Process Automation With Automation Anywhere
Vendor: CVE Published:; 1 July 2019

Summary

IBM Robotic Process Automation with Automation Anywhere 11 utilizes a high-privilege PostgreSQL account for database access. This configuration flaw permits a local user to execute actions that exceed their authorized privileges, posing a significant security risk. It is crucial for organizations using this product to closely monitor and restrict access to sensitive database functionalities to mitigate potential exploitation.

Affected Version(s)

Robotic Process Automation with Automation Anywhere 11

References

http://www.ibm.com/support/docview.wss?uid=ibm10884820

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/160764

vdb-entryx_refsource_XF

CVSS V3.1

Score:

7.7

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 1, 2019
Vulnerability Reserved
Jan 3, 2019