Description
IBM Robotic Process Automation 21.0.0 through 21.0.7.17 and 23.0.0 through 23.0.18 could allow a local user to escalate their privileges. All files in the install inherit the file permissions of the parent directory and therefore a non-privileged user can substitute any executable for the nssm.exe service. A subsequent service or server restart will then run that binary with administrator privilege.
CVSS breakdown
CVSS 3.1
Attack Vector
Local
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Affected products
- ibm / robotic_process_automation21.0.1 – 21.0.1
- ibm / robotic_process_automation21.0.7.17 – 21.0.7.17
- ibm / robotic_process_automation23.0.0 – 23.0.0
- ibm / robotic_process_automation23.0.18 – 23.0.18