Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Robotic_process_automation_for_cloud_pak
(Ibm)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 25 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2022-10-06 | CVE-2022-36774 | IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 is vulnerable to man in the middle attacks through manipulation of the client proxy configuration. IBM X-Force ID: 233575. | Robotic_process_automation, Robotic_process_automation_as_a_service, Robotic_process_automation_for_cloud_pak | 5.3 | ||
| 2022-10-06 | CVE-2022-38709 | IBM Robotic Process Automation 21.0.1, 21.0.2, and 21.0.3 for Cloud Pak is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 234291. | Robotic_process_automation_for_cloud_pak | 6.1 | ||
| 2022-11-03 | CVE-2022-38710 | IBM Robotic Process Automation 21.0.1 and 21.0.2 could disclose sensitive version to an unauthorized control sphere information that could aid in further attacks against the system. IBM X-Force ID: 234292. | Robotic_process_automation, Robotic_process_automation_as_a_service, Robotic_process_automation_for_cloud_pak | 5.3 | ||
| 2022-11-03 | CVE-2022-42442 | IBM Robotic Process Automation for Cloud Pak 21.0.1, 21.0.2, 21.0.3, 21.0.4, and 21.0.5 is vulnerable to exposure of the first tenant owner e-mail address to users with access to the container platform. IBM X-Force ID: 238214. | Robotic_process_automation_for_cloud_pak | 3.3 | ||
| 2022-11-03 | CVE-2022-43574 | "IBM Robotic Process Automation 21.0.1, 21.0.2, 21.0.3, 21.0.4, and 21.0.5 is vulnerable to incorrect permission assignment which could allow access to application configurations. IBM X-Force ID: 238679." | Robotic_process_automation, Robotic_process_automation_for_cloud_pak | 7.5 | ||
| 2023-01-05 | CVE-2022-41740 | IBM Robotic Process Automation 20.12 through 21.0.6 could allow an attacker with physical access to the system to obtain highly sensitive information from system memory. IBM X-Force ID: 238053. | Robotic_process_automation, Robotic_process_automation_for_cloud_pak | 4.6 | ||
| 2023-01-05 | CVE-2022-43573 | IBM Robotic Process Automation 20.12 through 21.0.6 is vulnerable to exposure of the name and email for the creator/modifier of platform level objects. IBM X-Force ID: 238678. | Robotic_process_automation, Robotic_process_automation_as_a_service, Robotic_process_automation_for_cloud_pak | 5.3 | ||
| 2023-01-05 | CVE-2022-43844 | IBM Robotic Process Automation for Cloud Pak 20.12 through 21.0.3 is vulnerable to broken access control. A user is not correctly redirected to the platform log out screen when logging out of IBM RPA for Cloud Pak. IBM X-Force ID: 239081. | Robotic_process_automation_for_cloud_pak | 8.8 | ||
| 2023-01-18 | CVE-2023-22592 | IBM Robotic Process Automation for Cloud Pak 21.0.1 through 21.0.4 could allow a local user to perform unauthorized actions due to insufficient permission settings. IBM X-Force ID: 244073. | Robotic_process_automation_for_cloud_pak | 7.8 | ||
| 2023-01-18 | CVE-2023-22594 | IBM Robotic Process Automation for Cloud Pak 20.12.0 through 21.0.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 244075. | Robotic_process_automation, Robotic_process_automation_as_a_service, Robotic_process_automation_for_cloud_pak | 5.4 |