PT-2019-12535 · Blue Prism · Blue Prism Robotic Process Automation

Published

2019-05-24

·

Updated

2020-08-24

·

CVE-2019-11875

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions

Blue Prism Robotic Process Automation version 6.4.0.8445
Description

An access control vulnerability allows privilege escalation. It can be exploited to abuse the application for fraud or to gain unauthorized access to certain information. The attacker needs a valid user account that can connect to the Blue Prism server, but the roles associated with that account need no specific permissions. Permission checks are enforced on the client side only: an attacker can modify the application's files to grant full permissions on the client side and, in a test environment or an instance they control, grant themselves full privileges on the server side. They can then create a process with malicious behaviour, export it, and import it as a release, overwriting existing processes in the database. Because the server does not check the user's permissions for these actions, the bots will eventually execute the malicious process. Possible scenarios include changing bank account details or setting passwords.
Recommendations

For Blue Prism Robotic Process Automation version 6.4.0.8445, restrict which accounts can connect to the application server and reach its process-modification and release-import capabilities until a patched version is deployed; the client-side permission checks cannot be relied on to prevent privilege escalation. As a temporary compensating control, monitor all changes to processes and releases in the database and investigate modifications made by accounts that should not hold design or release permissions.
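The flaw class above and the monitoring the recommendation asks for, as an added example: hypothetical Python that is not Blue Prism code and uses none of its schema or API. It places a server whose release import trusts the client's permission verdict next to one that resolves the caller's role itself, and adds an audit filter that flags process overwrites by accounts whose server-side role lacks the import permission. All accounts, roles, process names and audit entries are constructed for the example.

```python
"""Hypothetical model of the CVE-2019-11875 flaw class (not Blue Prism code).

The client decides whether the user may import a release; the server performs
the import, overwriting stored processes, without checking for itself.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Set

PERM_IMPORT_RELEASE = "import_release"

# Constructed sample accounts. "mallory" is the advisory's attacker: a valid
# account whose roles carry no design or release permissions.
ROLE_PERMISSIONS: Dict[str, Set[str]] = {
    "admin": {PERM_IMPORT_RELEASE, "edit_process"},
    "runtime_user": set(),
}
USERS: Dict[str, str] = {"alice": "admin", "mallory": "runtime_user"}


@dataclass
class Release:
    """A release bundles process definitions: process name -> process body."""
    processes: Dict[str, str]


@dataclass
class ProcessStore:
    """Stands in for the process table plus an audit trail of writes to it."""
    rows: Dict[str, str] = field(default_factory=dict)
    audit: List[dict] = field(default_factory=list)

    def overwrite(self, user: str, release: Release) -> None:
        for name, body in release.processes.items():
            self.audit.append({"user": user, "action": "import_release", "process": name})
            self.rows[name] = body


def client_side_allowed(user: str) -> bool:
    """The check a client makes from permissions it holds locally. An attacker
    who edits the application's files simply makes this return True."""
    return PERM_IMPORT_RELEASE in ROLE_PERMISSIONS[USERS[user]]


def vulnerable_import(store: ProcessStore, user: str, release: Release,
                      client_says_allowed: bool) -> None:
    """Server trusts the client's verdict: the missing-authorization flaw."""
    if not client_says_allowed:
        raise PermissionError("client refused the import")
    store.overwrite(user, release)


def hardened_import(store: ProcessStore, user: str, release: Release,
                    client_says_allowed: bool) -> None:
    """Server resolves the caller's role itself; the client flag is ignored."""
    role = USERS.get(user)
    if role is None or PERM_IMPORT_RELEASE not in ROLE_PERMISSIONS[role]:
        raise PermissionError(f"{user} is not authorized to import releases")
    store.overwrite(user, release)


def suspicious_imports(audit: List[dict]) -> List[dict]:
    """Monitoring per the recommendation: process overwrites whose actor's
    server-side role does not include the import permission."""
    flagged = []
    for entry in audit:
        role = USERS.get(entry["user"], "")
        if entry["action"] == "import_release" and \
                PERM_IMPORT_RELEASE not in ROLE_PERMISSIONS.get(role, set()):
            flagged.append(entry)
    return flagged


def demo():
    """Returns (body now stored under PayVendor on the vulnerable server,
    whether the hardened server blocked the attacker, flagged audit entries)."""
    legit = Release({"PayVendor": "transfer to account 111"})
    tampered = Release({"PayVendor": "transfer to account 999"})

    vuln_store = ProcessStore()
    vulnerable_import(vuln_store, "alice", legit, client_side_allowed("alice"))
    # A tampered client reports True regardless of the account's real role.
    vulnerable_import(vuln_store, "mallory", tampered, client_says_allowed=True)

    hard_store = ProcessStore()
    hardened_import(hard_store, "alice", legit, True)
    try:
        hardened_import(hard_store, "mallory", tampered, True)
        blocked = False
    except PermissionError:
        blocked = True

    return vuln_store.rows["PayVendor"], blocked, suspicious_imports(vuln_store.audit)


if __name__ == "__main__":
    stored, blocked, flagged = demo()
    print("vulnerable server now stores:", stored)
    print("hardened server blocked mallory:", blocked)
    print("monitor flagged:", [(e["user"], e["process"]) for e in flagged])
```

The point of the two import functions is where the decision is made: the hardened variant never reads the client's flag, so editing client files changes nothing. The audit filter is the fallback when the server cannot yet be fixed; in a real deployment the actor and the overwritten process would come from database change tracking rather than an in-memory list.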

Weakness Enumeration

Missing Authorization (CWE-862)

Related Identifiers

CVE-2019-11875

Affected Products

Blue Prism Robotic Process Automation