IBM Robotic Process Automation as a Service 21.0.3

CPE Details

IBM Robotic Process Automation as a Service 21.0.3
ibm
robotic_process_automation_as_a_service
21.0.3
2022-11-04
13h32 +00:00
2022-11-07
16h29 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:ibm:robotic_process_automation_as_a_service:21.0.3:*:*:*:*:*:*:*

Informations

Vendor

ibm

Product

robotic_process_automation_as_a_service

Version

21.0.3

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2023-35900 2023-07-19 00h58 +00:00 IBM Robotic Process Automation for Cloud Pak 21.0.0 through 21.0.7.4 and 23.0.0 through 23.0.5 is vulnerable to disclosing server version information which may be used to determine software vulnerabilities at the operating system level. IBM X-Force ID: 259368.
5.3
Medium
CVE-2023-35901 2023-07-16 23h31 +00:00 IBM Robotic Process Automation 21.0.0 through 21.0.7.6 and 23.0.0 through 23.0.6 is vulnerable to client side validation bypass which could allow invalid changes or values in some fields. IBM X-Force ID: 259380.
5.3
Medium
CVE-2023-22591 2023-03-15 20h07 +00:00 IBM Robotic Process Automation 21.0.1 through 21.0.7 and 23.0.0 through 23.0.1 could allow a user with physical access to the system due to session tokens for not being invalidated after a password reset. IBM X-Force ID: 243710.
3.9
Low
CVE-2022-46773 2023-03-15 19h57 +00:00 IBM Robotic Process Automation 21.0.0 - 21.0.7 and 23.0.0 is vulnerable to client-side validation bypass for credential pools. Invalid credential pools may be created as a result. IBM X-Force ID: 242951.
6.5
Medium
CVE-2023-25680 2023-03-15 19h42 +00:00 IBM Robotic Process Automation 21.0.1 through 21.0.5 is vulnerable to insufficiently protecting credentials. Queue Provider credentials are not obfuscated while editing queue provider details. IBM X-Force ID: 247032.
6.5
Medium
CVE-2023-22594 2023-01-18 18h41 +00:00 IBM Robotic Process Automation for Cloud Pak 20.12.0 through 21.0.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 244075.
5.4
Medium
CVE-2022-43573 2023-01-05 17h39 +00:00 IBM Robotic Process Automation 20.12 through 21.0.6 is vulnerable to exposure of the name and email for the creator/modifier of platform level objects. IBM X-Force ID: 238678.
5.3
Medium
CVE-2022-22490 2022-08-10 16h50 +00:00 IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 could allow a privileged user to obtain sensitive Azure bot credential information. IBM X-Force ID: 226342.
4.9
Medium
CVE-2022-22433 2022-05-05 16h00 +00:00 IBM Robotic Process Automation 21.0.1 and 21.0.2 is vulnerable to External Service Interaction attack, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to induce the application to perform server-side DNS lookups or HTTP requests to arbitrary domain names. By submitting suitable payloads, an attacker can cause the application server to attack other systems that it can interact with. IBM X-Force ID: 224156.
7.5
High