IBM RPA 21.0.121.0.7/23.0.023.0.1 Sess Token Persistence PostReset
CVE-2023-22591 Published on March 15, 2023
IBM Robotic Process Automation session fixation
IBM Robotic Process Automation 21.0.1 through 21.0.7 and 23.0.0 through 23.0.1 could allow a user with physical access to the system due to session tokens for not being invalidated after a password reset. IBM X-Force ID: 243710.
Vulnerability Analysis
CVE-2023-22591 can be exploited with physical access, and does not require authorization privileges or user interaction. This vulnerability is consided to have a high level of attack complexity. The potential impact of an exploit of this vulnerability is considered to be low. considered to have a small impact on confidentiality and integrity and availability.
Weakness Type
Insufficient Session Expiration
According to WASC, "Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization."
Products Associated with CVE-2023-22591
stack.watch emails you whenever new vulnerabilities are published in IBM Robotic Process Automation As Service or IBM Robotic Process Automation. Just hit a watch button to start following.
Affected Versions
IBM Robotic Process Automation:- Version 21.0.1 and below 21.0.7 is affected.
- Version 23.0.0 and below 23.0.1 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.