CVE-2023-23468 – IBM Robotic Process Automation for Cloud Pak access control
https://notcve.org/view.php?id=CVE-2023-23468
IBM Robotic Process Automation for Cloud Pak 21.0.1 through 21.0.7.3 and 23.0.0 through 23.0.3 is vulnerable to insufficient security configuration which may allow creation of namespaces within a cluster. IBM X-Force ID: 244500. • https://exchange.xforce.ibmcloud.com/vulnerabilities/244500 https://www.ibm.com/support/pages/node/7005999 •
CVE-2023-22593 – IBM Robotic Process Automation for Cloud Pak security configuration
https://notcve.org/view.php?id=CVE-2023-22593
IBM Robotic Process Automation for Cloud Pak 21.0.1 through 21.0.7.3 and 23.0.0 through 23.0.3 is vulnerable to security misconfiguration of the Redis container which may provide elevated privileges. IBM X-Force ID: 244074. • https://exchange.xforce.ibmcloud.com/vulnerabilities/244074 https://www.ibm.com/support/pages/node/7006001 • CWE-863: Incorrect Authorization •
CVE-2023-22591 – IBM Robotic Process Automation session fixation
https://notcve.org/view.php?id=CVE-2023-22591
IBM Robotic Process Automation 21.0.1 through 21.0.7 and 23.0.0 through 23.0.1 could allow a user with physical access to the system due to session tokens for not being invalidated after a password reset. IBM X-Force ID: 243710. • https://exchange.xforce.ibmcloud.com/vulnerabilities/243710 https://www.ibm.com/support/pages/node/6962175 • CWE-613: Insufficient Session Expiration •
CVE-2022-46773 – IBM Robotic Process Automation security bypass
https://notcve.org/view.php?id=CVE-2022-46773
IBM Robotic Process Automation 21.0.0 - 21.0.7 and 23.0.0 is vulnerable to client-side validation bypass for credential pools. Invalid credential pools may be created as a result. IBM X-Force ID: 242951. • https://exchange.xforce.ibmcloud.com/vulnerabilities/242951 https://www.ibm.com/support/pages/node/6962155 • CWE-287: Improper Authentication •