CVE-2022-41294
https://notcve.org/view.php?id=CVE-2022-41294
IBM Robotic Process Automation 21.0.0, 21.0.1, 21.0.2, 21.0.3, and 21.0.4 is vulnerable to cross origin resource sharing using the bot api. IBM X-Force ID: 236807. IBM Robotic Process Automation versiones 21.0.0, 21.0.1, 21.0.2, 21.0.3 y 21.0.4, es vulnerable a una compartición de recursos de origen cruzado mediante la api del bot. IBM X-Force ID: 236807 • https://exchange.xforce.ibmcloud.com/vulnerabilities/236807 https://www.ibm.com/support/pages/node/6825985 • CWE-346: Origin Validation Error •
CVE-2022-36774
https://notcve.org/view.php?id=CVE-2022-36774
IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 is vulnerable to man in the middle attacks through manipulation of the client proxy configuration. IBM X-Force ID: 233575. IBM Robotic Process Automation versiones 21.0.0, 21.0.1 y 21.0.2, es vulnerable a ataques de tipo man in the middle mediante la manipulación de la configuración del proxy del cliente. IBM X-Force ID: 233575 • https://exchange.xforce.ibmcloud.com/vulnerabilities/233575 https://www.ibm.com/support/pages/node/6826013 •
CVE-2022-22503
https://notcve.org/view.php?id=CVE-2022-22503
IBM Robotic Process Automation 21.0.0 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 227125. IBM Robotic Process Automation 21.0.0, podría permitir a un atacante remoto secuestrar la acción de hacer clic de la víctima. Al persuadir a una víctima para que visite un sitio web malicioso, un atacante remoto podría explotar esta vulnerabilidad para secuestrar las acciones de clic de la víctima y posiblemente lanzar más ataques contra ella. • https://exchange.xforce.ibmcloud.com/vulnerabilities/227125 https://www.ibm.com/support/pages/node/6825995 • CWE-1021: Improper Restriction of Rendered UI Layers or Frames •
CVE-2022-22490
https://notcve.org/view.php?id=CVE-2022-22490
IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 could allow a privileged user to obtain sensitive Azure bot credential information. IBM X-Force ID: 226342. IBM Robotic Process Automation versiones 21.0.0, 21.0.1 y 21.0.2, podría permitir a un usuario privilegiado obtener información confidencial de credenciales del bot de Azure. IBM X-Force ID: 226342 • https://exchange.xforce.ibmcloud.com/vulnerabilities/226342 https://www.ibm.com/support/pages/node/6610397 • CWE-552: Files or Directories Accessible to External Parties •
CVE-2022-34338
https://notcve.org/view.php?id=CVE-2022-34338
IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 could disclose sensitive information due to improper privilege management for storage provider types. IBM X-Force ID: 229962. IBM Robotic Process Automation versiones 21.0.0, 21.0.1 y 21.0.2, podría divulgar información confidencial debido a una administración inapropiada de los privilegios para los tipos de proveedores de almacenamiento. IBM X-Force ID: 229962 • https://exchange.xforce.ibmcloud.com/vulnerabilities/229962 https://www.ibm.com/support/pages/node/6608606 • CWE-269: Improper Privilege Management •