IBM Robotic Process Automation for Cloud Pak insufficient permission settings
CVE-2023-22592

7.8HIGH

Key Information:

Vendor: IBM
Status: Robotic Process Automation for Cloud Pak
Vendor: CVE Published:; 18 January 2023

Summary

A vulnerability in IBM Robotic Process Automation for Cloud Pak versions 21.0.1 through 21.0.4 may allow local users to perform unauthorized actions. This is due to insufficient permission settings that do not adequately restrict user capabilities, potentially leading to security breaches. Organizations using these versions should review their permission configurations to mitigate this risk.

Affected Version(s)

Robotic Process Automation for Cloud Pak 21.0.1 < 21.0.4

References

https://www.ibm.com/support/pages/node/6855839

vendor-advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/244073

vdb-entry

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 18, 2023
Vulnerability Reserved
Jan 3, 2023