CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2022-41294
https://notcve.org/view.php?id=CVE-2022-41294
06 Oct 2022 — IBM Robotic Process Automation 21.0.0, 21.0.1, 21.0.2, 21.0.3, and 21.0.4 is vulnerable to cross origin resource sharing using the bot api. IBM X-Force ID: 236807. IBM Robotic Process Automation versiones 21.0.0, 21.0.1, 21.0.2, 21.0.3 y 21.0.4, es vulnerable a una compartición de recursos de origen cruzado mediante la api del bot. IBM X-Force ID: 236807 • https://exchange.xforce.ibmcloud.com/vulnerabilities/236807 • CWE-346: Origin Validation Error •
CVSS: 6.4EPSS: 0%CPEs: 2EXPL: 0CVE-2022-38709
https://notcve.org/view.php?id=CVE-2022-38709
06 Oct 2022 — IBM Robotic Process Automation 21.0.1, 21.0.2, and 21.0.3 for Cloud Pak is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 234291. IBM Robotic Process Automation versiones 21.0.1, 21.0.2 y 21.0.3 para Cloud Pak, es vulnerable a un ataque de tipo cross-site scripting. Esta vulnerabilidad permite a usuarios inserta... • https://exchange.xforce.ibmcloud.com/vulnerabilities/234291 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 0CVE-2022-36774
https://notcve.org/view.php?id=CVE-2022-36774
06 Oct 2022 — IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 is vulnerable to man in the middle attacks through manipulation of the client proxy configuration. IBM X-Force ID: 233575. IBM Robotic Process Automation versiones 21.0.0, 21.0.1 y 21.0.2, es vulnerable a ataques de tipo man in the middle mediante la manipulación de la configuración del proxy del cliente. IBM X-Force ID: 233575 • https://exchange.xforce.ibmcloud.com/vulnerabilities/233575 •
CVSS: 6.4EPSS: 0%CPEs: 2EXPL: 0CVE-2022-22503
https://notcve.org/view.php?id=CVE-2022-22503
06 Oct 2022 — IBM Robotic Process Automation 21.0.0 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 227125. IBM Robotic Process Automation 21.0.0, podría permitir a un atacante remoto secuestrar la acción de hacer clic de la víctima. Al persuadir a una víctima para que visite un sitio... • https://exchange.xforce.ibmcloud.com/vulnerabilities/227125 • CWE-1021: Improper Restriction of Rendered UI Layers or Frames •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2022-39168
https://notcve.org/view.php?id=CVE-2022-39168
29 Sep 2022 — IBM Robotic Process Automation Clients are vulnerable to proxy credentials being exposed in upgrade logs. IBM X-Force ID: 235422. IBM Robotic Process Automation Clients son vulnerables a una exposición de credenciales de proxy en los registros de actualización. IBM X-Force ID: 235422 • https://exchange.xforce.ibmcloud.com/vulnerabilities/235422 • CWE-522: Insufficiently Protected Credentials •
CVSS: 10.0EPSS: 0%CPEs: 4EXPL: 0CVE-2022-35280
https://notcve.org/view.php?id=CVE-2022-35280
10 Aug 2022 — IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 230634. IBM Robotic Process Automation versiones 21.0.0, 21.0.1 y 21.0.2, no exige que usuarios tengan contraseñas seguras por defecto, lo que facilita que atacantes puedan comprometer las cuentas de usuarios. IBM X-Force ID: 230634 • https://exchange.xforce.ibmcloud.com/vulnerabilities/230634 • CWE-521: Weak Password Requirements •
CVSS: 6.1EPSS: 0%CPEs: 4EXPL: 0CVE-2022-22490
https://notcve.org/view.php?id=CVE-2022-22490
10 Aug 2022 — IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 could allow a privileged user to obtain sensitive Azure bot credential information. IBM X-Force ID: 226342. IBM Robotic Process Automation versiones 21.0.0, 21.0.1 y 21.0.2, podría permitir a un usuario privilegiado obtener información confidencial de credenciales del bot de Azure. IBM X-Force ID: 226342 • https://exchange.xforce.ibmcloud.com/vulnerabilities/226342 • CWE-552: Files or Directories Accessible to External Parties •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-34338
https://notcve.org/view.php?id=CVE-2022-34338
31 Jul 2022 — IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 could disclose sensitive information due to improper privilege management for storage provider types. IBM X-Force ID: 229962. IBM Robotic Process Automation versiones 21.0.0, 21.0.1 y 21.0.2, podría divulgar información confidencial debido a una administración inapropiada de los privilegios para los tipos de proveedores de almacenamiento. IBM X-Force ID: 229962 • https://exchange.xforce.ibmcloud.com/vulnerabilities/229962 • CWE-269: Improper Privilege Management •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-33169
https://notcve.org/view.php?id=CVE-2022-33169
31 Jul 2022 — IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 is vulnerable to insufficiently protected credentials for users created via a bulk upload. IBM X-Force ID: 228888. IBM Robotic Process Automation versiones 21.0.0, 21.0.1 y 21.0.2, es vulnerable a credenciales protegidas insuficientemente para usuarios creados por medio de una carga masiva. IBM X-Force ID: 228888 • https://exchange.xforce.ibmcloud.com/vulnerabilities/228888 • CWE-522: Insufficiently Protected Credentials •
CVSS: 8.3EPSS: 0%CPEs: 1EXPL: 0CVE-2022-30616
https://notcve.org/view.php?id=CVE-2022-30616
31 Jul 2022 — IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 could allow a privileged user to elevate their privilege to platform administrator through manipulation of APIs. IBM X-Force ID: 227978. IBM Robotic Process Automation versiones 21.0.0, 21.0.1 y 21.0.2, podría permitir a un usuario privilegiado elevar los privilegios a administrador de la plataforma mediante la manipulación de las API. IBM X-Force ID: 227978 • https://exchange.xforce.ibmcloud.com/vulnerabilities/227978 •