IBM RPA Vulnerability Exposes User IDs Across Tenants
CVE-2022-22506

4.6MEDIUM

Key Information:

Vendor: IBM
Status: Robotic Process Automation
Vendor: CVE Published:; 12 February 2024

Summary

IBM Robotic Process Automation version 21.0.2 is affected by a vulnerability that can result in the exposure of user IDs across different tenants. This issue raises significant concerns regarding tenant isolation and data security, as unauthorized access to user identities could potentially lead to further security breaches. Organizations using this product should implement appropriate security measures to safeguard sensitive information and ensure tenant-level data separation.

Affected Version(s)

Robotic Process Automation 21.0.2

References

https://www.ibm.com/support/pages/node/6591237

vendor-advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/227293

vdb-entry

CVSS V3.1

Score:

4.6

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Physical

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 12, 2024
Vulnerability Reserved
Jan 3, 2022