Sensitive Information Exposure in IBM Robotic Process Automation
CVE-2022-33954

4.6MEDIUM

Key Information:

Vendor: IBM
Status: Robotic Process Automation
Vendor: CVE Published:; 19 December 2024

Summary

CVE-2022-33954 represents a significant security risk within IBM's Robotic Process Automation versions 21.0.1, 21.0.2, and 21.0.3. This vulnerability allows users with physical access to the system to exploit insufficiently protected credentials, potentially leading to unauthorized access to sensitive information stored on the device. Organizations utilizing these affected versions should prioritize updates and implement security measures to mitigate the risk associated with this vulnerability.

Affected Version(s)

Robotic Process Automation 21.0.1, 21.0.2, 21.0.3

References

https://www.ibm.com/support/pages/node/6608458

vendor-advisory

CVSS V3.1

Score:

4.6

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Physical

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 19, 2024
Vulnerability Reserved
Jun 17, 2022