IBM RPA 21.0.021.0.7 API Route Unauthorized Access
CVE-2023-23476 Published on August 2, 2023
IBM Robotic Process Automation information disclosure
IBM Robotic Process Automation 21.0.0 through 21.0.7.latest is vulnerable to unauthorized access to data due to insufficient authorization validation on some API routes. IBM X-Force ID: 245425.
Vulnerability Analysis
CVE-2023-23476 is exploitable with network access, and requires small amount of user privileges. This vulnerability is consided to have a high level of attack complexity. The potential impact of an exploit of this vulnerability is considered to have a small impact on confidentiality, a small impact on integrity and availability.
Weakness Type
What is an AuthZ Vulnerability?
The software performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.
CVE-2023-23476 has been classified to as an AuthZ vulnerability or weakness.
Products Associated with CVE-2023-23476
You can be notified by email with stack.watch whenever vulnerabilities like CVE-2023-23476 are published in these products:
Affected Versions
IBM Robotic Process Automation:- Version 21.0.0, <= 21.0.7.latest is affected.
- Version 21.0.0, <= 21.0.7.latest is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.