IBM Robotic Process Automation for Cloud Pak security configuration
CVE-2023-22593

7.8HIGH

Key Information:

Vendor: IBM
Status: Robotic Process Automation For Cloud Pak
Vendor: CVE Published:; 27 June 2023

What is CVE-2023-22593?

IBM Robotic Process Automation for Cloud Pak versions 21.0.1 to 21.0.7.3 and 23.0.0 to 23.0.3 are prone to a security misconfiguration in the Redis container. This flaw may allow attackers to achieve elevated privileges, potentially compromising system integrity and exposing sensitive data. Organizations utilizing affected versions should review their configurations to safeguard against unauthorized access.

Affected Version(s)

Robotic Process Automation for Cloud Pak 21.0.1 <= 21.0.7.3

Robotic Process Automation for Cloud Pak 23.0.0 <= 23.0.3

References

https://www.ibm.com/support/pages/node/7006001

vendor-advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/244074

vdb-entry

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 27, 2023
Vulnerability Reserved
Jan 3, 2023