CVSS: 4.4EPSS: 0%CPEs: 2EXPL: 0CVE-2024-51457 – IBM Robotic Process Automation for Cloud Pak cross-site scripting
https://notcve.org/view.php?id=CVE-2024-51457
22 Jan 2025 — IBM Robotic Process Automation for Cloud Pak 21.0.0 through 21.0.7.19 and 23.0.0 through 23.0.19 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. • https://www.ibm.com/support/pages/node/7181230 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.8EPSS: 0%CPEs: 4EXPL: 0CVE-2024-49824 – IBM Robotic Process Automation security bypass
https://notcve.org/view.php?id=CVE-2024-49824
18 Jan 2025 — IBM Robotic Process Automation 21.0.0 through 21.0.7.18 and 23.0.0 through 23.0.18 and IBM Robotic Process Automation for Cloud Pak 21.0.0 through 21.0.7.18 and 23.0.0 through 23.0.18 could allow an authenticated user to perform unauthorized actions as a privileged user due to improper validation of client-side security enforcement. • https://www.ibm.com/support/pages/node/7177587 • CWE-602: Client-Side Enforcement of Server-Side Security •
CVSS: 6.8EPSS: 0%CPEs: 2EXPL: 0CVE-2023-45189 – IBM Robotic Process Automation information disclosure
https://notcve.org/view.php?id=CVE-2023-45189
03 Nov 2023 — A vulnerability in IBM Robotic Process Automation and IBM Robotic Process Automation for Cloud Pak 21.0.0 through 21.0.7.10, 23.0.0 through 23.0.10 may result in access to client vault credentials. This difficult to exploit vulnerability could allow a low privileged attacker to programmatically access client vault credentials. IBM X-Force ID: 268752. Una vulnerabilidad en IBM Robotic Process Automation e IBM Robotic Process Automation para Cloud Pak 21.0.0 a 21.0.7.10, 23.0.0 a 23.0.10 puede provocar acceso... • https://exchange.xforce.ibmcloud.com/vulnerabilities/268752 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 10.0EPSS: 0%CPEs: 3EXPL: 0CVE-2023-43058 – IBM Robotic Process Automation privilege escalation
https://notcve.org/view.php?id=CVE-2023-43058
06 Oct 2023 — IBM Robotic Process Automation 23.0.9 is vulnerable to privilege escalation that affects ownership of projects. IBM X-Force ID: 247527. IBM Robotic Process Automation 23.0.9 es vulnerable a la escalada de privilegios que afecta la propiedad de los proyectos. ID de IBM X-Force: 247527. • https://exchange.xforce.ibmcloud.com/vulnerabilities/267527 •
CVSS: 6.8EPSS: 0%CPEs: 2EXPL: 0CVE-2023-23476 – IBM Robotic Process Automation information disclosure
https://notcve.org/view.php?id=CVE-2023-23476
02 Aug 2023 — IBM Robotic Process Automation 21.0.0 through 21.0.7.latest is vulnerable to unauthorized access to data due to insufficient authorization validation on some API routes. IBM X-Force ID: 245425. IBM Robotic Process Automation v21.0.0 a 21.0.7.latest es vulnerable al acceso no autorizado a datos debido a una validación de autorización insuficiente en algunas rutas API. ID de IBM X-Force: 245425. • https://exchange.xforce.ibmcloud.com/vulnerabilities/245425 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-863: Incorrect Authorization •
CVSS: 5.3EPSS: 0%CPEs: 8EXPL: 0CVE-2023-35900 – IBM Robotic Process Automation information disclosure
https://notcve.org/view.php?id=CVE-2023-35900
19 Jul 2023 — IBM Robotic Process Automation for Cloud Pak 21.0.0 through 21.0.7.4 and 23.0.0 through 23.0.5 is vulnerable to disclosing server version information which may be used to determine software vulnerabilities at the operating system level. IBM X-Force ID: 259368. • https://exchange.xforce.ibmcloud.com/vulnerabilities/259368 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.3EPSS: 0%CPEs: 7EXPL: 0CVE-2023-35901 – IBM Robotic Process Automation security bypass
https://notcve.org/view.php?id=CVE-2023-35901
16 Jul 2023 — IBM Robotic Process Automation 21.0.0 through 21.0.7.6 and 23.0.0 through 23.0.6 is vulnerable to client side validation bypass which could allow invalid changes or values in some fields. IBM X-Force ID: 259380. • https://exchange.xforce.ibmcloud.com/vulnerabilities/259380 • CWE-287: Improper Authentication •
CVSS: 6.8EPSS: 0%CPEs: 5EXPL: 0CVE-2022-46773 – IBM Robotic Process Automation security bypass
https://notcve.org/view.php?id=CVE-2022-46773
15 Mar 2023 — IBM Robotic Process Automation 21.0.0 - 21.0.7 and 23.0.0 is vulnerable to client-side validation bypass for credential pools. Invalid credential pools may be created as a result. IBM X-Force ID: 242951. • https://exchange.xforce.ibmcloud.com/vulnerabilities/242951 • CWE-287: Improper Authentication •