CVSS: 5.9EPSS: 0%CPEs: 5EXPL: 0CVE-2023-22863 – IBM Robotic Process Automation information disclosure
https://notcve.org/view.php?id=CVE-2023-22863
18 Jan 2023 — IBM Robotic Process Automation 20.12.0 through 21.0.2 defaults to HTTP in some RPA commands when the prefix is not explicitly specified in the URL. This could allow an attacker to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 244109. IBM Robotic Process Automation 20.12.0 a 21.0.2 utiliza de forma predeterminada HTTP en algunos comandos RPA cuando el prefijo no se especifica explícitamente en la URL. Esto podría permitir a un atacante obtener información confidencial utili... • https://exchange.xforce.ibmcloud.com/vulnerabilities/244109 • CWE-319: Cleartext Transmission of Sensitive Information •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2023-22594 – IBM Robotic Process Automation for Cloud Pak cross-site scripting
https://notcve.org/view.php?id=CVE-2023-22594
18 Jan 2023 — IBM Robotic Process Automation for Cloud Pak 20.12.0 through 21.0.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 244075. IBM Robotic Process Automation para Cloud Pak 20.12.0 a 21.0.4 es vulnerable a cross-site scripting. Esta vulnerabilidad permite a los usuarios incrustar código JavaScript arbitrario en l... • https://exchange.xforce.ibmcloud.com/vulnerabilities/244075 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2023-22592 – IBM Robotic Process Automation for Cloud Pak insufficient permission settings
https://notcve.org/view.php?id=CVE-2023-22592
18 Jan 2023 — IBM Robotic Process Automation for Cloud Pak 21.0.1 through 21.0.4 could allow a local user to perform unauthorized actions due to insufficient permission settings. IBM X-Force ID: 244073. IBM Robotic Process Automation para Cloud Pak 21.0.1 a 21.0.4 podría permitir que un usuario local realice acciones no autorizadas debido a una configuración de permisos insuficiente. ID de IBM X-Force: 244073. • https://exchange.xforce.ibmcloud.com/vulnerabilities/244073 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 5.3EPSS: 0%CPEs: 5EXPL: 0CVE-2022-43573 – IBM Robotic Process Automation information disclosure
https://notcve.org/view.php?id=CVE-2022-43573
05 Jan 2023 — IBM Robotic Process Automation 20.12 through 21.0.6 is vulnerable to exposure of the name and email for the creator/modifier of platform level objects. IBM X-Force ID: 238678. • https://exchange.xforce.ibmcloud.com/vulnerabilities/238678 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.9EPSS: 0%CPEs: 4EXPL: 0CVE-2022-41740 – IBM Robotic Process Automation information disclosure
https://notcve.org/view.php?id=CVE-2022-41740
05 Jan 2023 — IBM Robotic Process Automation 20.12 through 21.0.6 could allow an attacker with physical access to the system to obtain highly sensitive information from system memory. IBM X-Force ID: 238053. • https://exchange.xforce.ibmcloud.com/vulnerabilities/238053 • CWE-312: Cleartext Storage of Sensitive Information •
CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 0CVE-2022-43844 – IBM Robotic Process Automation for Cloud Pak session fixation
https://notcve.org/view.php?id=CVE-2022-43844
05 Jan 2023 — IBM Robotic Process Automation for Cloud Pak 20.12 through 21.0.3 is vulnerable to broken access control. A user is not correctly redirected to the platform log out screen when logging out of IBM RPA for Cloud Pak. IBM X-Force ID: 239081. • https://exchange.xforce.ibmcloud.com/vulnerabilities/239081 • CWE-613: Insufficient Session Expiration •
CVSS: 3.3EPSS: 0%CPEs: 2EXPL: 0CVE-2022-42442 – IBM Robotic Process Automation for Cloud Pak information disclosure
https://notcve.org/view.php?id=CVE-2022-42442
03 Nov 2022 — IBM Robotic Process Automation for Cloud Pak 21.0.1, 21.0.2, 21.0.3, 21.0.4, and 21.0.5 is vulnerable to exposure of the first tenant owner e-mail address to users with access to the container platform. IBM X-Force ID: 238214. IBM Robotic Process Automation para Cloud Pak 21.0.1, 21.0.2, 21.0.3, 21.0.4 y 21.0.5 es vulnerable a la exposición de la dirección de correo electrónico del propietario del primer inquilino a los usuarios con acceso a la plataforma de contenedores. ID de IBM X-Force: 238214. • https://exchange.xforce.ibmcloud.com/vulnerabilities/238214 •
CVSS: 5.3EPSS: 0%CPEs: 4EXPL: 0CVE-2022-38710 – IBM Robotic Process Automation information disclosure
https://notcve.org/view.php?id=CVE-2022-38710
03 Nov 2022 — IBM Robotic Process Automation 21.0.1 and 21.0.2 could disclose sensitive version information that could aid in further attacks against the system. IBM X-Force ID: 234292. "IBM Robotic Process Automation 21.0.1 y 21.0.2 podrían revelar información confidencial de la versión que podría ayudar en futuros ataques contra el sistema. IBM X-Force ID: 234292". IBM Robotic Process Automation 21.0.1 and 21.0.2 could disclose sensitive version to an unauthorized control sphere information that could aid in further at... • https://exchange.xforce.ibmcloud.com/vulnerabilities/234292 • CWE-312: Cleartext Storage of Sensitive Information CWE-319: Cleartext Transmission of Sensitive Information CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2022-43574
https://notcve.org/view.php?id=CVE-2022-43574
03 Nov 2022 — "IBM Robotic Process Automation 21.0.1, 21.0.2, 21.0.3, 21.0.4, and 21.0.5 is vulnerable to incorrect permission assignment which could allow access to application configurations. IBM X-Force ID: 238679." "IBM Robotic Process Automation 21.0.1, 21.0.2, 21.0.3, 21.0.4 y 21.0.5 es vulnerable a una asignación de permisos incorrecta que podría permitir el acceso a las configuraciones de la aplicación. ID de IBM X-Force: 238679". • https://www.ibm.com/support/pages/node/6831645 • CWE-276: Incorrect Default Permissions •
CVSS: 6.4EPSS: 0%CPEs: 2EXPL: 0CVE-2022-38709
https://notcve.org/view.php?id=CVE-2022-38709
06 Oct 2022 — IBM Robotic Process Automation 21.0.1, 21.0.2, and 21.0.3 for Cloud Pak is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 234291. IBM Robotic Process Automation versiones 21.0.1, 21.0.2 y 21.0.3 para Cloud Pak, es vulnerable a un ataque de tipo cross-site scripting. Esta vulnerabilidad permite a usuarios inserta... • https://exchange.xforce.ibmcloud.com/vulnerabilities/234291 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •