CVSS: 5.3EPSS: 0%CPEs: 7EXPL: 0CVE-2023-35901 – IBM Robotic Process Automation security bypass
https://notcve.org/view.php?id=CVE-2023-35901
IBM Robotic Process Automation 21.0.0 through 21.0.7.6 and 23.0.0 through 23.0.6 is vulnerable to client side validation bypass which could allow invalid changes or values in some fields. IBM X-Force ID: 259380. • https://exchange.xforce.ibmcloud.com/vulnerabilities/259380 https://www.ibm.com/support/pages/node/7012317 • CWE-287: Improper Authentication •
CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 0CVE-2022-46773 – IBM Robotic Process Automation security bypass
https://notcve.org/view.php?id=CVE-2022-46773
IBM Robotic Process Automation 21.0.0 - 21.0.7 and 23.0.0 is vulnerable to client-side validation bypass for credential pools. Invalid credential pools may be created as a result. IBM X-Force ID: 242951. • https://exchange.xforce.ibmcloud.com/vulnerabilities/242951 https://www.ibm.com/support/pages/node/6962155 • CWE-287: Improper Authentication •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0CVE-2023-25680 – IBM Robotic Process Automation information disclosure
https://notcve.org/view.php?id=CVE-2023-25680
IBM Robotic Process Automation 21.0.1 through 21.0.5 is vulnerable to insufficiently protecting credentials. Queue Provider credentials are not obfuscated while editing queue provider details. IBM X-Force ID: 247032. • https://exchange.xforce.ibmcloud.com/vulnerabilities/247032 https://www.ibm.com/support/pages/node/6962207 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.9EPSS: 0%CPEs: 5EXPL: 0CVE-2023-22863 – IBM Robotic Process Automation information disclosure
https://notcve.org/view.php?id=CVE-2023-22863
IBM Robotic Process Automation 20.12.0 through 21.0.2 defaults to HTTP in some RPA commands when the prefix is not explicitly specified in the URL. This could allow an attacker to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 244109. IBM Robotic Process Automation 20.12.0 a 21.0.2 utiliza de forma predeterminada HTTP en algunos comandos RPA cuando el prefijo no se especifica explícitamente en la URL. Esto podría permitir a un atacante obtener información confidencial utilizando técnicas de intermediario. • https://exchange.xforce.ibmcloud.com/vulnerabilities/244109 https://www.ibm.com/support/pages/node/6855837 • CWE-319: Cleartext Transmission of Sensitive Information •
CVSS: 5.4EPSS: 0%CPEs: 5EXPL: 0CVE-2023-22594 – IBM Robotic Process Automation for Cloud Pak cross-site scripting
https://notcve.org/view.php?id=CVE-2023-22594
IBM Robotic Process Automation for Cloud Pak 20.12.0 through 21.0.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 244075. IBM Robotic Process Automation para Cloud Pak 20.12.0 a 21.0.4 es vulnerable a cross-site scripting. Esta vulnerabilidad permite a los usuarios incrustar código JavaScript arbitrario en la interfaz de usuario web, alterando así la funcionalidad prevista, lo que podría conducir a la divulgación de credenciales dentro de una sesión confiable. • https://exchange.xforce.ibmcloud.com/vulnerabilities/244075 https://www.ibm.com/support/pages/node/6855835 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •