CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2022-41294
https://notcve.org/view.php?id=CVE-2022-41294
06 Oct 2022 — IBM Robotic Process Automation 21.0.0, 21.0.1, 21.0.2, 21.0.3, and 21.0.4 is vulnerable to cross origin resource sharing using the bot api. IBM X-Force ID: 236807. IBM Robotic Process Automation versiones 21.0.0, 21.0.1, 21.0.2, 21.0.3 y 21.0.4, es vulnerable a una compartición de recursos de origen cruzado mediante la api del bot. IBM X-Force ID: 236807 • https://exchange.xforce.ibmcloud.com/vulnerabilities/236807 • CWE-346: Origin Validation Error •
CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 0CVE-2022-36774
https://notcve.org/view.php?id=CVE-2022-36774
06 Oct 2022 — IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 is vulnerable to man in the middle attacks through manipulation of the client proxy configuration. IBM X-Force ID: 233575. IBM Robotic Process Automation versiones 21.0.0, 21.0.1 y 21.0.2, es vulnerable a ataques de tipo man in the middle mediante la manipulación de la configuración del proxy del cliente. IBM X-Force ID: 233575 • https://exchange.xforce.ibmcloud.com/vulnerabilities/233575 •
CVSS: 6.4EPSS: 0%CPEs: 2EXPL: 0CVE-2022-22503
https://notcve.org/view.php?id=CVE-2022-22503
06 Oct 2022 — IBM Robotic Process Automation 21.0.0 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 227125. IBM Robotic Process Automation 21.0.0, podría permitir a un atacante remoto secuestrar la acción de hacer clic de la víctima. Al persuadir a una víctima para que visite un sitio... • https://exchange.xforce.ibmcloud.com/vulnerabilities/227125 • CWE-1021: Improper Restriction of Rendered UI Layers or Frames •
CVSS: 6.1EPSS: 0%CPEs: 4EXPL: 0CVE-2022-22490
https://notcve.org/view.php?id=CVE-2022-22490
10 Aug 2022 — IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 could allow a privileged user to obtain sensitive Azure bot credential information. IBM X-Force ID: 226342. IBM Robotic Process Automation versiones 21.0.0, 21.0.1 y 21.0.2, podría permitir a un usuario privilegiado obtener información confidencial de credenciales del bot de Azure. IBM X-Force ID: 226342 • https://exchange.xforce.ibmcloud.com/vulnerabilities/226342 • CWE-552: Files or Directories Accessible to External Parties •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-34338
https://notcve.org/view.php?id=CVE-2022-34338
31 Jul 2022 — IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 could disclose sensitive information due to improper privilege management for storage provider types. IBM X-Force ID: 229962. IBM Robotic Process Automation versiones 21.0.0, 21.0.1 y 21.0.2, podría divulgar información confidencial debido a una administración inapropiada de los privilegios para los tipos de proveedores de almacenamiento. IBM X-Force ID: 229962 • https://exchange.xforce.ibmcloud.com/vulnerabilities/229962 • CWE-269: Improper Privilege Management •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-33169
https://notcve.org/view.php?id=CVE-2022-33169
31 Jul 2022 — IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 is vulnerable to insufficiently protected credentials for users created via a bulk upload. IBM X-Force ID: 228888. IBM Robotic Process Automation versiones 21.0.0, 21.0.1 y 21.0.2, es vulnerable a credenciales protegidas insuficientemente para usuarios creados por medio de una carga masiva. IBM X-Force ID: 228888 • https://exchange.xforce.ibmcloud.com/vulnerabilities/228888 • CWE-522: Insufficiently Protected Credentials •
CVSS: 8.3EPSS: 0%CPEs: 1EXPL: 0CVE-2022-30616
https://notcve.org/view.php?id=CVE-2022-30616
31 Jul 2022 — IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 could allow a privileged user to elevate their privilege to platform administrator through manipulation of APIs. IBM X-Force ID: 227978. IBM Robotic Process Automation versiones 21.0.0, 21.0.1 y 21.0.2, podría permitir a un usuario privilegiado elevar los privilegios a administrador de la plataforma mediante la manipulación de las API. IBM X-Force ID: 227978 • https://exchange.xforce.ibmcloud.com/vulnerabilities/227978 •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-22505
https://notcve.org/view.php?id=CVE-2022-22505
31 Jul 2022 — IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 contains a vulnerability that could allow IBM tenant credentials to be exposed. IBM X-Force ID: 227288. IBM Robotic Process Automation versiones 21.0.0, 21.0.1 y 21.0.2, contiene una vulnerabilidad que podría permitir la exposición de las credenciales de los inquilinos de IBM. IBM X-Force ID: 227288 • https://exchange.xforce.ibmcloud.com/vulnerabilities/227288 •
CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 0CVE-2022-22334
https://notcve.org/view.php?id=CVE-2022-22334
31 Jul 2022 — IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 could allow a user to access information from a tenant of which they should not have access. IBM X-Force ID: 219391. IBM Robotic Process Automation versiones 21.0.0, 21.0.1 y 21.0.2, podría permitir a un usuario acceder a información de un tenant a la que no debería tener acceso. IBM X-Force ID: 219391 • https://exchange.xforce.ibmcloud.com/vulnerabilities/219391 •
CVSS: 4.9EPSS: 0%CPEs: 2EXPL: 0CVE-2022-22412
https://notcve.org/view.php?id=CVE-2022-22412
26 Jul 2022 — IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 could allow a user with access to the local host (client machine) to obtain a login access token. IBM X-Force ID: 223019. IBM Robotic Process Automation versiones 21.0.0, 21.0.1 y 21.0.2, podrían permitir a un usuario con acceso al host local (máquina cliente) obtener un token de acceso de inicio de sesión. IBM X-Force ID: 223019. • https://exchange.xforce.ibmcloud.com/vulnerabilities/223019 •