IBM Robotic Process Automation Cloud Pak
By the Year
In 2023 there have been 3 vulnerabilities in IBM Robotic Process Automation Cloud Pak with an average score of 6.5 out of ten. Last year Robotic Process Automation Cloud Pak had 6 security vulnerabilities published. Right now, Robotic Process Automation Cloud Pak is on track to have less security vulnerabilities in 2023 than it did last year. However, the average CVE base score of the vulnerabilities in 2023 is greater by 0.43.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2023 | 3 | 6.50 |
| 2022 | 6 | 6.07 |
| 2021 | 0 | 0.00 |
| 2020 | 0 | 0.00 |
| 2019 | 0 | 0.00 |
| 2018 | 0 | 0.00 |
It may take a day or so for new Robotic Process Automation Cloud Pak vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent IBM Robotic Process Automation Cloud Pak Security Vulnerabilities
IBM Robotic Process Automation 21.0.0 through 21.0.7.latest is vulnerable to unauthorized access to data due to insufficient authorization validation on some API routes
CVE-2023-23476
6.5 - Medium
- August 02, 2023
IBM Robotic Process Automation 21.0.0 through 21.0.7.latest is vulnerable to unauthorized access to data due to insufficient authorization validation on some API routes. IBM X-Force ID: 245425.
AuthZ
IBM Robotic Process Automation 21.0.1 through 21.0.5 is vulnerable to insufficiently protecting credentials
CVE-2023-25680
6.5 - Medium
- March 15, 2023
IBM Robotic Process Automation 21.0.1 through 21.0.5 is vulnerable to insufficiently protecting credentials. Queue Provider credentials are not obfuscated while editing queue provider details. IBM X-Force ID: 247032.
IBM Robotic Process Automation 21.0.0 - 21.0.7 and 23.0.0 is vulnerable to client-side validation bypass for credential pools
CVE-2022-46773
6.5 - Medium
- March 15, 2023
IBM Robotic Process Automation 21.0.0 - 21.0.7 and 23.0.0 is vulnerable to client-side validation bypass for credential pools. Invalid credential pools may be created as a result. IBM X-Force ID: 242951.
authentification
"IBM Robotic Process Automation 21.0.1, 21.0.2, 21.0.3, 21.0.4, and 21.0.5 is vulnerable to incorrect permission assignment which could
CVE-2022-43574
7.5 - High
- November 03, 2022
"IBM Robotic Process Automation 21.0.1, 21.0.2, 21.0.3, 21.0.4, and 21.0.5 is vulnerable to incorrect permission assignment which could allow access to application configurations. IBM X-Force ID: 238679."
Incorrect Default Permissions
IBM Robotic Process Automation 21.0.1, 21.0.2, and 21.0.3 for Cloud Pak is vulnerable to cross-site scripting
CVE-2022-38709
6.1 - Medium
- October 06, 2022
IBM Robotic Process Automation 21.0.1, 21.0.2, and 21.0.3 for Cloud Pak is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 234291.
XSS
IBM Robotic Process Automation 21.0.0
CVE-2022-36774
5.3 - Medium
- October 06, 2022
IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 is vulnerable to man in the middle attacks through manipulation of the client proxy configuration. IBM X-Force ID: 233575.
IBM Robotic Process Automation Clients are vulnerable to proxy credentials being exposed in upgrade logs
CVE-2022-39168
7.5 - High
- September 29, 2022
IBM Robotic Process Automation Clients are vulnerable to proxy credentials being exposed in upgrade logs. IBM X-Force ID: 235422.
Insufficiently Protected Credentials
IBM Robotic Process Automation 21.0.1 and 21.0.2 could
CVE-2022-33953
4.6 - Medium
- June 24, 2022
IBM Robotic Process Automation 21.0.1 and 21.0.2 could allow a user with psychical access to the system to obtain sensitive information due to insufficiently protected access tokens. IBM X-Force ID: 229198.
Insufficiently Protected Credentials
IBM Robotic Process Automation 21.0.1 and 21.0.2 is vulnerable to cross-site scripting
CVE-2022-22502
5.4 - Medium
- June 24, 2022
IBM Robotic Process Automation 21.0.1 and 21.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 227124.
XSS
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for IBM Robotic Process Automation As Service or by IBM? Click the Watch button to subscribe.
