CVSS: 5.4EPSS: 0%CPEs: 4EXPL: 0CVE-2022-22502
https://notcve.org/view.php?id=CVE-2022-22502
IBM Robotic Process Automation 21.0.1 and 21.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 227124. IBM Robotic Process Automation versiones 21.0.1 y 21.0.2, es vulnerable a un ataque de tipo cross-site scripting. Esta vulnerabilidad permite a usuarios insertar código JavaScript arbitrario en la Interfaz de Usuario Web, alterando así la funcionalidad prevista y conllevando potencialmente a una divulgación de credenciales dentro de una sesión confiable. • https://exchange.xforce.ibmcloud.com/vulnerabilities/227124 https://www.ibm.com/support/pages/node/6597667 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2022-22414
https://notcve.org/view.php?id=CVE-2022-22414
IBM Robotic Process Automation 21.0.2 could allow a local user to obtain sensitive web service configuration credentials from system memory. IBM X-Force ID: 223026. IBM Robotic Process Automation versión 21.0.2, podría permitir a un usuario local obtener credenciales de configuración de servicios web confidenciales de la memoria del sistema. IBM X-Force ID: 223026 • https://exchange.xforce.ibmcloud.com/vulnerabilities/223026 https://www.ibm.com/support/pages/node/6596071 •
CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 0CVE-2022-30607
https://notcve.org/view.php?id=CVE-2022-30607
IBM Robotic Process Automation 20.10.0, 20.12.5, 21.0.0, 21.0.1, and 21.0.2 contains a vulnerability that could allow a user to obtain sensitive information due to information properly masked in the control center UI. IBM X-Force ID: 227294. IBM Robotic Process Automation versiones 20.10.0, 20.12.5, 21.0.0, 21.0.1 y 21.0.2, contiene una vulnerabilidad que podría permitir a un usuario obtener información confidencial debido a una información correctamente enmascarada en la interfaz de usuario del centro de control. IBM X-Force ID: 227294 • https://exchange.xforce.ibmcloud.com/vulnerabilities/227294 https://www.ibm.com/support/pages/node/6595759 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 0CVE-2022-22413
https://notcve.org/view.php?id=CVE-2022-22413
IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 223022. IBM Robotic Process Automation versiones 21.0.0, 21.0.1 y 21.0.2, es vulnerable a una inyección SQL. Un atacante remoto podría enviar sentencias SQL especialmente diseñadas, lo que podría permitir al atacante visualizar, añadir, modificar o eliminar información en la base de datos del back-end. • https://exchange.xforce.ibmcloud.com/vulnerabilities/223022 https://www.ibm.com/support/pages/node/6585628 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2022-22319
https://notcve.org/view.php?id=CVE-2022-22319
IBM Robotic Process Automation 21.0.1 could allow a register user on the system to physically delete a queue that could cause disruption for any scripts dependent on the queue. IBM X-Force ID: 218366. IBM Robotic Process Automation versión 21.0.1, podría permitir que un usuario registrado en el sistema eliminara físicamente una cola, lo que podría causar la interrupción de cualquier script dependiente de la cola. IBM X-Force ID: 218366 • https://exchange.xforce.ibmcloud.com/vulnerabilities/218366 https://www.ibm.com/support/pages/node/6569203 https://www.ibm.com/support/pages/node/6583547 •