IBM Robotic Process Automation security bypass
CVE-2022-46773

4.3MEDIUM

Key Information:

Vendor: IBM
Status: Robotic Process Automation
Vendor: CVE Published:; 15 March 2023

What is CVE-2022-46773?

IBM Robotic Process Automation 21.0.0 - 21.0.7 and 23.0.0 is vulnerable to client-side validation bypass for credential pools. Invalid credential pools may be created as a result. IBM X-Force ID: 242951.

Affected Version(s)

Robotic Process Automation 21.0.0 < 21.0.7

Robotic Process Automation 23.0.0

References

https://www.ibm.com/support/pages/node/6962155

vendor-advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/242951

vdb-entry

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Physical

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 15, 2023
Vulnerability Reserved
Dec 7, 2022