CVSS: 3.3EPSS: 0%CPEs: 2EXPL: 0CVE-2022-42442 – IBM Robotic Process Automation for Cloud Pak information disclosure
https://notcve.org/view.php?id=CVE-2022-42442
IBM Robotic Process Automation for Cloud Pak 21.0.1, 21.0.2, 21.0.3, 21.0.4, and 21.0.5 is vulnerable to exposure of the first tenant owner e-mail address to users with access to the container platform. IBM X-Force ID: 238214. IBM Robotic Process Automation para Cloud Pak 21.0.1, 21.0.2, 21.0.3, 21.0.4 y 21.0.5 es vulnerable a la exposición de la dirección de correo electrónico del propietario del primer inquilino a los usuarios con acceso a la plataforma de contenedores. ID de IBM X-Force: 238214. • https://exchange.xforce.ibmcloud.com/vulnerabilities/238214 https://www.ibm.com/support/pages/node/6831787 •
CVSS: 5.3EPSS: 0%CPEs: 4EXPL: 0CVE-2022-38710 – IBM Robotic Process Automation information disclosure
https://notcve.org/view.php?id=CVE-2022-38710
IBM Robotic Process Automation 21.0.1 and 21.0.2 could disclose sensitive version information that could aid in further attacks against the system. IBM X-Force ID: 234292. "IBM Robotic Process Automation 21.0.1 y 21.0.2 podrían revelar información confidencial de la versión que podría ayudar en futuros ataques contra el sistema. IBM X-Force ID: 234292". • https://exchange.xforce.ibmcloud.com/vulnerabilities/234292 https://www.ibm.com/support/pages/node/6831681 • CWE-312: Cleartext Storage of Sensitive Information CWE-319: Cleartext Transmission of Sensitive Information •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2022-38709
https://notcve.org/view.php?id=CVE-2022-38709
IBM Robotic Process Automation 21.0.1, 21.0.2, and 21.0.3 for Cloud Pak is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 234291. IBM Robotic Process Automation versiones 21.0.1, 21.0.2 y 21.0.3 para Cloud Pak, es vulnerable a un ataque de tipo cross-site scripting. Esta vulnerabilidad permite a usuarios insertar código JavaScript arbitrario en la Interfaz de Usuario Web, alterando así la funcionalidad prevista y conllevando potencialmente a una divulgación de credenciales dentro de una sesión confiable. • https://exchange.xforce.ibmcloud.com/vulnerabilities/234291 https://www.ibm.com/support/pages/node/6826011 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 0CVE-2022-36774
https://notcve.org/view.php?id=CVE-2022-36774
IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 is vulnerable to man in the middle attacks through manipulation of the client proxy configuration. IBM X-Force ID: 233575. IBM Robotic Process Automation versiones 21.0.0, 21.0.1 y 21.0.2, es vulnerable a ataques de tipo man in the middle mediante la manipulación de la configuración del proxy del cliente. IBM X-Force ID: 233575 • https://exchange.xforce.ibmcloud.com/vulnerabilities/233575 https://www.ibm.com/support/pages/node/6826013 •
CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0CVE-2022-39168
https://notcve.org/view.php?id=CVE-2022-39168
IBM Robotic Process Automation Clients are vulnerable to proxy credentials being exposed in upgrade logs. IBM X-Force ID: 235422. IBM Robotic Process Automation Clients son vulnerables a una exposición de credenciales de proxy en los registros de actualización. IBM X-Force ID: 235422 • https://exchange.xforce.ibmcloud.com/vulnerabilities/235422 https://www.ibm.com/support/pages/node/6824885 • CWE-522: Insufficiently Protected Credentials •