CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 0CVE-2022-35280
https://notcve.org/view.php?id=CVE-2022-35280
IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 230634. IBM Robotic Process Automation versiones 21.0.0, 21.0.1 y 21.0.2, no exige que usuarios tengan contraseñas seguras por defecto, lo que facilita que atacantes puedan comprometer las cuentas de usuarios. IBM X-Force ID: 230634 • https://exchange.xforce.ibmcloud.com/vulnerabilities/230634 https://www.ibm.com/support/pages/node/6610393 • CWE-521: Weak Password Requirements •
CVSS: 4.9EPSS: 0%CPEs: 4EXPL: 0CVE-2022-22490
https://notcve.org/view.php?id=CVE-2022-22490
IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 could allow a privileged user to obtain sensitive Azure bot credential information. IBM X-Force ID: 226342. IBM Robotic Process Automation versiones 21.0.0, 21.0.1 y 21.0.2, podría permitir a un usuario privilegiado obtener información confidencial de credenciales del bot de Azure. IBM X-Force ID: 226342 • https://exchange.xforce.ibmcloud.com/vulnerabilities/226342 https://www.ibm.com/support/pages/node/6610397 • CWE-552: Files or Directories Accessible to External Parties •
CVSS: 4.6EPSS: 0%CPEs: 3EXPL: 0CVE-2022-33953
https://notcve.org/view.php?id=CVE-2022-33953
IBM Robotic Process Automation 21.0.1 and 21.0.2 could allow a user with psychical access to the system to obtain sensitive information due to insufficiently protected access tokens. IBM X-Force ID: 229198. IBM Robotic Process Automation versiones 21.0.1 y 21.0.2, podría permitir a un usuario con acceso psíquico al sistema obtener información confidencial debido a tokens de acceso insuficientemente protegidos. IBM X-Force ID: 229198 • https://exchange.xforce.ibmcloud.com/vulnerabilities/229198 https://www.ibm.com/support/pages/node/6597669 • CWE-522: Insufficiently Protected Credentials •
CVSS: 5.4EPSS: 0%CPEs: 4EXPL: 0CVE-2022-22502
https://notcve.org/view.php?id=CVE-2022-22502
IBM Robotic Process Automation 21.0.1 and 21.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 227124. IBM Robotic Process Automation versiones 21.0.1 y 21.0.2, es vulnerable a un ataque de tipo cross-site scripting. Esta vulnerabilidad permite a usuarios insertar código JavaScript arbitrario en la Interfaz de Usuario Web, alterando así la funcionalidad prevista y conllevando potencialmente a una divulgación de credenciales dentro de una sesión confiable. • https://exchange.xforce.ibmcloud.com/vulnerabilities/227124 https://www.ibm.com/support/pages/node/6597667 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •