IBM Robotic Process Automation

IBM Robotic Process Automation 21.0.1 through 21.0.7 and 23.0.0 through 23.0.1 could

CVE-2023-22591 3.2 - Low - March 15, 2023

IBM Robotic Process Automation 21.0.1 through 21.0.7 and 23.0.0 through 23.0.1 could allow a user with physical access to the system due to session tokens for not being invalidated after a password reset. IBM X-Force ID: 243710.

Insufficient Session Expiration

IBM Robotic Process Automation 21.0.1 through 21.0.5 is vulnerable to insufficiently protecting credentials

CVE-2023-25680 6.5 - Medium - March 15, 2023

IBM Robotic Process Automation 21.0.1 through 21.0.5 is vulnerable to insufficiently protecting credentials. Queue Provider credentials are not obfuscated while editing queue provider details. IBM X-Force ID: 247032.

IBM Robotic Process Automation 21.0.0 - 21.0.7 and 23.0.0 is vulnerable to client-side validation bypass for credential pools

CVE-2022-46773 6.5 - Medium - March 15, 2023

IBM Robotic Process Automation 21.0.0 - 21.0.7 and 23.0.0 is vulnerable to client-side validation bypass for credential pools. Invalid credential pools may be created as a result. IBM X-Force ID: 242951.

authentification

"IBM Robotic Process Automation 21.0.1, 21.0.2, 21.0.3, 21.0.4, and 21.0.5 is vulnerable to incorrect permission assignment which could

CVE-2022-43574 7.5 - High - November 03, 2022

"IBM Robotic Process Automation 21.0.1, 21.0.2, 21.0.3, 21.0.4, and 21.0.5 is vulnerable to incorrect permission assignment which could allow access to application configurations. IBM X-Force ID: 238679."

Incorrect Default Permissions

IBM Robotic Process Automation 21.0.0

CVE-2022-36774 5.3 - Medium - October 06, 2022

IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 is vulnerable to man in the middle attacks through manipulation of the client proxy configuration. IBM X-Force ID: 233575.

authentification

IBM Robotic Process Automation 21.0.0, 21.0.1, 21.0.2, 21.0.3, and 21.0.4 is vulnerable to cross origin resource sharing using the bot api

CVE-2022-41294 6.5 - Medium - October 06, 2022

IBM Robotic Process Automation 21.0.0, 21.0.1, 21.0.2, 21.0.3, and 21.0.4 is vulnerable to cross origin resource sharing using the bot api. IBM X-Force ID: 236807.

Origin Validation Error

IBM Robotic Process Automation 21.0.0 could allow a remote attacker to hijack the clicking action of the victim

CVE-2022-22503 6.1 - Medium - October 06, 2022

IBM Robotic Process Automation 21.0.0 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 227125.

Clickjacking

IBM Robotic Process Automation Clients are vulnerable to proxy credentials being exposed in upgrade logs

CVE-2022-39168 7.5 - High - September 29, 2022

IBM Robotic Process Automation Clients are vulnerable to proxy credentials being exposed in upgrade logs. IBM X-Force ID: 235422.

Insufficiently Protected Credentials

IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 could

CVE-2022-30616 7.2 - High - August 01, 2022

IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 could allow a privileged user to elevate their privilege to platform administrator through manipulation of APIs. IBM X-Force ID: 227978.

Improper Privilege Management

IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 contains a vulnerability that could allow IBM tenant credentials to be exposed

CVE-2022-22505 7.5 - High - August 01, 2022

IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 contains a vulnerability that could allow IBM tenant credentials to be exposed. IBM X-Force ID: 227288.

IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 could

CVE-2022-22334 4.3 - Medium - August 01, 2022

IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 could allow a user to access information from a tenant of which they should not have access. IBM X-Force ID: 219391.

Exposure of Resource to Wrong Sphere

IBM Robotic Process Automation 21.0.0

CVE-2022-34338 6.5 - Medium - August 01, 2022

IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 could disclose sensitive information due to improper privilege management for storage provider types. IBM X-Force ID: 229962.

Improper Privilege Management

IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 is vulnerable to insufficiently protected credentials for users created

CVE-2022-33169 6.5 - Medium - August 01, 2022

IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 is vulnerable to insufficiently protected credentials for users created via a bulk upload. IBM X-Force ID: 228888.

Insufficiently Protected Credentials

IBM Robotic Process Automation 21.0.1 and 21.0.2 could

CVE-2022-33953 4.6 - Medium - June 24, 2022

IBM Robotic Process Automation 21.0.1 and 21.0.2 could allow a user with psychical access to the system to obtain sensitive information due to insufficiently protected access tokens. IBM X-Force ID: 229198.

Insufficiently Protected Credentials

IBM Robotic Process Automation 21.0.1 and 21.0.2 is vulnerable to cross-site scripting

CVE-2022-22502 5.4 - Medium - June 24, 2022

IBM Robotic Process Automation 21.0.1 and 21.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 227124.

XSS

IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 is vulnerable to SQL injection

CVE-2022-22413 9.8 - Critical - May 12, 2022

IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 223022.

SQL Injection