CVE-2023-22592 – IBM Robotic Process Automation for Cloud Pak insufficient permission settings
https://notcve.org/view.php?id=CVE-2023-22592
IBM Robotic Process Automation for Cloud Pak 21.0.1 through 21.0.4 could allow a local user to perform unauthorized actions due to insufficient permission settings. IBM X-Force ID: 244073. IBM Robotic Process Automation para Cloud Pak 21.0.1 a 21.0.4 podría permitir que un usuario local realice acciones no autorizadas debido a una configuración de permisos insuficiente. ID de IBM X-Force: 244073. • https://exchange.xforce.ibmcloud.com/vulnerabilities/244073 https://www.ibm.com/support/pages/node/6855839 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVE-2022-3466 – Cri-o: security regression of cve-2022-27652
https://notcve.org/view.php?id=CVE-2022-3466
The version of cri-o as released for Red Hat OpenShift Container Platform 4.9.48, 4.10.31, and 4.11.6 via RHBA-2022:6316, RHBA-2022:6257, and RHBA-2022:6658, respectively, included an incorrect version of cri-o missing the fix for CVE-2022-27652, which was previously fixed in OCP 4.9.41 and 4.10.12 via RHBA-2022:5433 and RHSA-2022:1600. This issue could allow an attacker with access to programs with inheritable file capabilities to elevate those capabilities to the permitted set when execve(2) runs. For more details, see https://access.redhat.com/security/cve/CVE-2022-27652. La versión de cri-o publicada para Red Hat OpenShift Container Platform 4.9.48, 4.10.31 y 4.11.6 a través de RHBA-2022:6316, RHBA-2022:6257 y RHBA-2022:6658, respectivamente, incluía una versión incorrecta de cri-o le falta la solución para CVE-2022-27652, que se solucionó anteriormente en OCP 4.9.41 y 4.10.12 a través de RHBA-2022:5433 y RHSA-2022:1600. Este problema podría permitir que un atacante con acceso a programas con capacidades de archivos heredables eleve esas capacidades al conjunto permitido cuando se ejecuta execve(2). • https://access.redhat.com/errata/RHSA-2022:7398 https://access.redhat.com/security/cve/CVE-2022-3466 https://bugzilla.redhat.com/show_bug.cgi?id=2134063 • CWE-276: Incorrect Default Permissions •
CVE-2023-0296 – openshift: etcd grpc-proxy vulnerable to The Birthday attack against 64-bit block cipher
https://notcve.org/view.php?id=CVE-2023-0296
The Birthday attack against 64-bit block ciphers flaw (CVE-2016-2183) was reported for the health checks port (9979) on etcd grpc-proxy component. Even though the CVE-2016-2183 has been fixed in the etcd components, to enable periodic health checks from kubelet, it was necessary to open up a new port (9979) on etcd grpc-proxy, hence this port might be considered as still vulnerable to the same type of vulnerability. The health checks on etcd grpc-proxy do not contain sensitive data (only metrics data), therefore the potential impact related to this vulnerability is minimal. The CVE-2023-0296 has been assigned to this issue to track the permanent fix in the etcd component. The Birthday attack against 64-bit block ciphers (CVE-2016-2183) was reported for the health checks port (9979) on the etcd grpc-proxy component. • https://bugzilla.redhat.com/show_bug.cgi?id=2161287 https://access.redhat.com/security/cve/CVE-2023-0296 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVE-2022-43573 – IBM Robotic Process Automation information disclosure
https://notcve.org/view.php?id=CVE-2022-43573
IBM Robotic Process Automation 20.12 through 21.0.6 is vulnerable to exposure of the name and email for the creator/modifier of platform level objects. IBM X-Force ID: 238678. • https://exchange.xforce.ibmcloud.com/vulnerabilities/238678 https://www.ibm.com/support/pages/node/6852655 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2022-41740 – IBM Robotic Process Automation information disclosure
https://notcve.org/view.php?id=CVE-2022-41740
IBM Robotic Process Automation 20.12 through 21.0.6 could allow an attacker with physical access to the system to obtain highly sensitive information from system memory. IBM X-Force ID: 238053. • https://exchange.xforce.ibmcloud.com/vulnerabilities/238053 https://www.ibm.com/support/pages/node/6852657 • CWE-312: Cleartext Storage of Sensitive Information •