IBM RPC: Proxy Credentials Leaked in Upgrade Logs
CVE-2022-39168 Published on September 29, 2022
IBM Robotic Process Automation Clients are vulnerable to proxy credentials being exposed in upgrade logs. IBM X-Force ID: 235422.
Weakness Type
Insufficiently Protected Credentials
The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.
Products Associated with CVE-2022-39168
Want to know whenever a new CVE is published for IBM products? stack.watch will email you.
Affected Versions
IBM Robotic Process Automation:- Version 21.0.3 is affected.
- Version 21.0.4 is affected.
Exploit Probability
EPSS
0.21%
Percentile
42.57%
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.