CVE-2024-51456

5.9 MEDIUM

📋 TL;DR

This vulnerability in IBM Robotic Process Automation allows remote attackers to potentially obtain sensitive data through cryptanalytic attacks. It affects IBM RPA versions 21.0.0 through 21.0.7.19 and 23.0.0 through 23.0.19. Attackers could exploit weaknesses in the product's cryptographic implementation to access protected information.

💻 Affected Systems

Products:
  • IBM Robotic Process Automation
Versions: 21.0.0 through 21.0.7.19 and 23.0.0 through 23.0.19
Operating Systems: All supported platforms
Default Config Vulnerable: ⚠️ Yes
Notes: All deployments within affected version ranges are vulnerable regardless of configuration.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Sensitive data exposure including credentials, configuration secrets, or business process data could be decrypted by attackers, leading to data breaches and unauthorized system access.

🟠 Likely Case

Attackers with sufficient resources could perform cryptanalysis to recover some protected data over time, potentially exposing sensitive information stored or transmitted by the RPA system.

🟢 If Mitigated

With proper network segmentation and access controls, the attack surface is reduced, limiting exposure to trusted networks only.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: HIGH

Exploitation requires cryptanalysis capabilities and may require some level of access to observe encrypted data.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Apply IBM RPA 21.0.7.20 or later, or 23.0.20 or later

Vendor Advisory: https://www.ibm.com/support/pages/node/7180685

Restart Required: Yes

Instructions:

1. Download the latest IBM RPA version from IBM Fix Central.
2. Back up the current configuration and data.
3. Apply the update following IBM's installation guide.
4. Restart all RPA services.
5. Verify that the update was applied successfully.

🔧 Temporary Workarounds

  • Network Segmentation (all): Restrict network access to RPA systems to only trusted internal networks
  • Access Control Hardening (all): Implement strict authentication and authorization controls for RPA system access

🧯 If You Can't Patch

  • Implement network segmentation to isolate RPA systems from untrusted networks
  • Monitor for unusual cryptographic operations or data access patterns

🔍 How to Verify

Check if Vulnerable:

Check IBM RPA version via Control Center or command line: rpa version

Check Version:

rpa version

Verify Fix Applied:

Verify version is 21.0.7.20+ or 23.0.20+ and check IBM advisory for confirmation
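The version comparison above, as an added helper that is not IBM's code: it parses the dotted version string that `rpa version` is assumed to report (or any text containing one) and checks it against the two affected ranges and first fixed builds named in this advisory.

```python
"""Version-range check for CVE-2024-51456 (IBM RPA) -- added example, not IBM code.

Assumes the output of `rpa version` contains a dotted numeric version
(e.g. "23.0.19" or "IBM RPA 21.0.7.19"); the exact output format is an assumption.
"""
import re
from typing import Tuple

# Affected ranges from the advisory, inclusive on both ends.
AFFECTED_RANGES = [
    ((21, 0, 0), (21, 0, 7, 19)),
    ((23, 0, 0), (23, 0, 19)),
]
# First fixed builds per the advisory, keyed by release train.
FIXED_VERSIONS = {21: (21, 0, 7, 20), 23: (23, 0, 20)}


def parse_version(text: str) -> Tuple[int, ...]:
    """Extract the first dotted numeric version from text as an int tuple."""
    m = re.search(r"\d+(?:\.\d+)+", text)
    if not m:
        raise ValueError(f"no dotted version found in {text!r}")
    return tuple(int(p) for p in m.group(0).split("."))


def _pad(v: Tuple[int, ...], n: int) -> Tuple[int, ...]:
    # Right-pad with zeros so 23.0.19 and 23.0.19.0 compare equal.
    return tuple(v) + (0,) * (n - len(v))


def is_affected(text: str) -> bool:
    """True if the reported version falls inside an affected range."""
    v = parse_version(text)
    for lo, hi in AFFECTED_RANGES:
        n = max(len(v), len(lo), len(hi))
        if _pad(lo, n) <= _pad(v, n) <= _pad(hi, n):
            return True
    return False


def is_fixed(text: str) -> bool:
    """True if the version is at or above the first fixed build of its train.

    Versions outside the 21.x and 23.x trains are not listed in the advisory,
    so they are reported as not fixed rather than assumed safe.
    """
    v = parse_version(text)
    fixed = FIXED_VERSIONS.get(v[0])
    if fixed is None:
        return False
    n = max(len(v), len(fixed))
    return _pad(v, n) >= _pad(fixed, n)
```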

📡 Detection & Monitoring

Log Indicators:

  • Unusual cryptographic operation patterns
  • Multiple failed decryption attempts
  • Unexpected data access from network sources

Network Indicators:

  • Unusual traffic patterns to RPA cryptographic endpoints
  • Repeated connection attempts to encryption services

SIEM Query:

source="rpa" AND (event_type="crypto_error" OR event_type="decryption_failure")
