IBM Robotic Process Automation for Cloud Pak insufficient permission settings
CVE-2023-22592

4MEDIUM

Key Information:

Vendor
IBM
Status
Robotic Process Automation For Cloud Pak
Vendor
CVE Published:
18 January 2023

Summary

A vulnerability in IBM Robotic Process Automation for Cloud Pak versions 21.0.1 through 21.0.4 may allow local users to perform unauthorized actions. This is due to insufficient permission settings that do not adequately restrict user capabilities, potentially leading to security breaches. Organizations using these versions should review their permission configurations to mitigate this risk.

Affected Version(s)

Robotic Process Automation for Cloud Pak 21.0.1 < 21.0.4

References

https://www.ibm.com/support/pages/node/6855839
vendor-advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/244073
vdb-entry

CVSS V3.1

Score:
4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Local
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.