IBM Robotic Process Automation for Cloud Pak session fixation
CVE-2022-43844

8.8HIGH

Key Information:

Vendor: IBM
Status: Robotic Process Automation For Cloud Pak
Vendor: CVE Published:; 5 January 2023

Summary

IBM Robotic Process Automation for Cloud Pak versions 20.12 through 21.0.3 are susceptible to a broken access control vulnerability. This flaw prevents the proper redirection of users to the platform logout screen upon logging out, potentially exposing sensitive information. Users may remain authenticated longer than intended, thereby increasing the risk of unauthorized access to the system. It is essential for organizations using these versions to implement the necessary updates and security measures to mitigate any associated risks.

Affected Version(s)

Robotic Process Automation for Cloud Pak 20.12 < 21.0.3

References

https://www.ibm.com/support/pages/node/6852663

vendor-advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/239081

vdb-entry

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 5, 2023
Vulnerability Reserved
Oct 26, 2022