CVSS: 4.9EPSS: 0%CPEs: 4EXPL: 0CVE-2022-41740 – IBM Robotic Process Automation information disclosure
https://notcve.org/view.php?id=CVE-2022-41740
05 Jan 2023 — IBM Robotic Process Automation 20.12 through 21.0.6 could allow an attacker with physical access to the system to obtain highly sensitive information from system memory. IBM X-Force ID: 238053. • https://exchange.xforce.ibmcloud.com/vulnerabilities/238053 • CWE-312: Cleartext Storage of Sensitive Information •
CVSS: 5.3EPSS: 0%CPEs: 4EXPL: 0CVE-2022-38710 – IBM Robotic Process Automation information disclosure
https://notcve.org/view.php?id=CVE-2022-38710
03 Nov 2022 — IBM Robotic Process Automation 21.0.1 and 21.0.2 could disclose sensitive version information that could aid in further attacks against the system. IBM X-Force ID: 234292. "IBM Robotic Process Automation 21.0.1 y 21.0.2 podrían revelar información confidencial de la versión que podría ayudar en futuros ataques contra el sistema. IBM X-Force ID: 234292". IBM Robotic Process Automation 21.0.1 and 21.0.2 could disclose sensitive version to an unauthorized control sphere information that could aid in further at... • https://exchange.xforce.ibmcloud.com/vulnerabilities/234292 • CWE-312: Cleartext Storage of Sensitive Information CWE-319: Cleartext Transmission of Sensitive Information CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2022-43574
https://notcve.org/view.php?id=CVE-2022-43574
03 Nov 2022 — "IBM Robotic Process Automation 21.0.1, 21.0.2, 21.0.3, 21.0.4, and 21.0.5 is vulnerable to incorrect permission assignment which could allow access to application configurations. IBM X-Force ID: 238679." "IBM Robotic Process Automation 21.0.1, 21.0.2, 21.0.3, 21.0.4 y 21.0.5 es vulnerable a una asignación de permisos incorrecta que podría permitir el acceso a las configuraciones de la aplicación. ID de IBM X-Force: 238679". • https://www.ibm.com/support/pages/node/6831645 • CWE-276: Incorrect Default Permissions •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2022-41294
https://notcve.org/view.php?id=CVE-2022-41294
06 Oct 2022 — IBM Robotic Process Automation 21.0.0, 21.0.1, 21.0.2, 21.0.3, and 21.0.4 is vulnerable to cross origin resource sharing using the bot api. IBM X-Force ID: 236807. IBM Robotic Process Automation versiones 21.0.0, 21.0.1, 21.0.2, 21.0.3 y 21.0.4, es vulnerable a una compartición de recursos de origen cruzado mediante la api del bot. IBM X-Force ID: 236807 • https://exchange.xforce.ibmcloud.com/vulnerabilities/236807 • CWE-346: Origin Validation Error •
CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 0CVE-2022-36774
https://notcve.org/view.php?id=CVE-2022-36774
06 Oct 2022 — IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 is vulnerable to man in the middle attacks through manipulation of the client proxy configuration. IBM X-Force ID: 233575. IBM Robotic Process Automation versiones 21.0.0, 21.0.1 y 21.0.2, es vulnerable a ataques de tipo man in the middle mediante la manipulación de la configuración del proxy del cliente. IBM X-Force ID: 233575 • https://exchange.xforce.ibmcloud.com/vulnerabilities/233575 •
CVSS: 6.4EPSS: 0%CPEs: 2EXPL: 0CVE-2022-22503
https://notcve.org/view.php?id=CVE-2022-22503
06 Oct 2022 — IBM Robotic Process Automation 21.0.0 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 227125. IBM Robotic Process Automation 21.0.0, podría permitir a un atacante remoto secuestrar la acción de hacer clic de la víctima. Al persuadir a una víctima para que visite un sitio... • https://exchange.xforce.ibmcloud.com/vulnerabilities/227125 • CWE-1021: Improper Restriction of Rendered UI Layers or Frames •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2022-39168
https://notcve.org/view.php?id=CVE-2022-39168
29 Sep 2022 — IBM Robotic Process Automation Clients are vulnerable to proxy credentials being exposed in upgrade logs. IBM X-Force ID: 235422. IBM Robotic Process Automation Clients son vulnerables a una exposición de credenciales de proxy en los registros de actualización. IBM X-Force ID: 235422 • https://exchange.xforce.ibmcloud.com/vulnerabilities/235422 • CWE-522: Insufficiently Protected Credentials •
CVSS: 6.1EPSS: 0%CPEs: 4EXPL: 0CVE-2022-22490
https://notcve.org/view.php?id=CVE-2022-22490
10 Aug 2022 — IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 could allow a privileged user to obtain sensitive Azure bot credential information. IBM X-Force ID: 226342. IBM Robotic Process Automation versiones 21.0.0, 21.0.1 y 21.0.2, podría permitir a un usuario privilegiado obtener información confidencial de credenciales del bot de Azure. IBM X-Force ID: 226342 • https://exchange.xforce.ibmcloud.com/vulnerabilities/226342 • CWE-552: Files or Directories Accessible to External Parties •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-34338
https://notcve.org/view.php?id=CVE-2022-34338
31 Jul 2022 — IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 could disclose sensitive information due to improper privilege management for storage provider types. IBM X-Force ID: 229962. IBM Robotic Process Automation versiones 21.0.0, 21.0.1 y 21.0.2, podría divulgar información confidencial debido a una administración inapropiada de los privilegios para los tipos de proveedores de almacenamiento. IBM X-Force ID: 229962 • https://exchange.xforce.ibmcloud.com/vulnerabilities/229962 • CWE-269: Improper Privilege Management •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-33169
https://notcve.org/view.php?id=CVE-2022-33169
31 Jul 2022 — IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 is vulnerable to insufficiently protected credentials for users created via a bulk upload. IBM X-Force ID: 228888. IBM Robotic Process Automation versiones 21.0.0, 21.0.1 y 21.0.2, es vulnerable a credenciales protegidas insuficientemente para usuarios creados por medio de una carga masiva. IBM X-Force ID: 228888 • https://exchange.xforce.ibmcloud.com/vulnerabilities/228888 • CWE-522: Insufficiently Protected Credentials •