Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Robotic_process_automation_for_cloud_pak
(Ibm)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 25 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2022-06-24 | CVE-2022-22502 | IBM Robotic Process Automation 21.0.1 and 21.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 227124. | Robotic_process_automation, Robotic_process_automation_as_a_service, Robotic_process_automation_for_cloud_pak | 5.4 | ||
| 2022-06-24 | CVE-2022-33953 | IBM Robotic Process Automation 21.0.1 and 21.0.2 could allow a user with psychical access to the system to obtain sensitive information due to insufficiently protected access tokens. IBM X-Force ID: 229198. | Robotic_process_automation, Robotic_process_automation_as_a_service, Robotic_process_automation_for_cloud_pak | 4.6 | ||
| 2022-08-10 | CVE-2022-22490 | IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 could allow a privileged user to obtain sensitive Azure bot credential information. IBM X-Force ID: 226342. | Robotic_process_automation, Robotic_process_automation_as_a_service, Robotic_process_automation_for_cloud_pak | 4.9 | ||
| 2022-08-10 | CVE-2022-35280 | IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 230634. | Robotic_process_automation_for_cloud_pak | 9.8 | ||
| 2022-09-29 | CVE-2022-39168 | IBM Robotic Process Automation Clients are vulnerable to proxy credentials being exposed in upgrade logs. IBM X-Force ID: 235422. | Robotic_process_automation, Robotic_process_automation_for_cloud_pak, Robotic_process_automation_for_services | 7.5 | ||
| 2022-10-06 | CVE-2022-36774 | IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 is vulnerable to man in the middle attacks through manipulation of the client proxy configuration. IBM X-Force ID: 233575. | Robotic_process_automation, Robotic_process_automation_as_a_service, Robotic_process_automation_for_cloud_pak | 5.3 | ||
| 2022-10-06 | CVE-2022-38709 | IBM Robotic Process Automation 21.0.1, 21.0.2, and 21.0.3 for Cloud Pak is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 234291. | Robotic_process_automation_for_cloud_pak | 6.1 | ||
| 2022-11-03 | CVE-2022-38710 | IBM Robotic Process Automation 21.0.1 and 21.0.2 could disclose sensitive version to an unauthorized control sphere information that could aid in further attacks against the system. IBM X-Force ID: 234292. | Robotic_process_automation, Robotic_process_automation_as_a_service, Robotic_process_automation_for_cloud_pak | 5.3 | ||
| 2022-11-03 | CVE-2022-42442 | IBM Robotic Process Automation for Cloud Pak 21.0.1, 21.0.2, 21.0.3, 21.0.4, and 21.0.5 is vulnerable to exposure of the first tenant owner e-mail address to users with access to the container platform. IBM X-Force ID: 238214. | Robotic_process_automation_for_cloud_pak | 3.3 | ||
| 2022-11-03 | CVE-2022-43574 | "IBM Robotic Process Automation 21.0.1, 21.0.2, 21.0.3, 21.0.4, and 21.0.5 is vulnerable to incorrect permission assignment which could allow access to application configurations. IBM X-Force ID: 238679." | Robotic_process_automation, Robotic_process_automation_for_cloud_pak | 7.5 |