IBM Robotic Process Automation information disclosure
CVE-2023-45189

6.5MEDIUM

Key Information:

Vendor: IBM
Status: Robotic Process Automation; Robotic Process Automation For Cloud Pak
Vendor: CVE Published:; 3 November 2023

Summary

A vulnerability in IBM Robotic Process Automation and IBM Robotic Process Automation for Cloud Pak 21.0.0 through 21.0.7.10, 23.0.0 through 23.0.10 may result in access to client vault credentials. This difficult to exploit vulnerability could allow a low privileged attacker to programmatically access client vault credentials. IBM X-Force ID: 268752.

Affected Version(s)

Robotic Process Automation 21.0.0 <= 21.0.7.10

Robotic Process Automation 23.0.0 <= 23.0.10

Robotic Process Automation for Cloud Pak 21.0.0 <= 21.0.7.10

References

https://www.ibm.com/support/pages/node/7065204

vendor-advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/268752

vdb-entry

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 3, 2023
Vulnerability Reserved
Oct 5, 2023