Privilege Escalation in IBM Robotic Process Automation Using PostgreSQL
CVE-2019-4298

7.7HIGH

Key Information:

Vendor
IBM
Vendor
CVE Published:
1 July 2019

Summary

IBM Robotic Process Automation with Automation Anywhere 11 utilizes a high-privilege PostgreSQL account for database access. This configuration flaw permits a local user to execute actions that exceed their authorized privileges, posing a significant security risk. It is crucial for organizations using this product to closely monitor and restrict access to sensitive database functionalities to mitigate potential exploitation.

Affected Version(s)

Robotic Process Automation with Automation Anywhere 11

References

CVSS V3.1

Score:
7.7
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.