CVE-2023-40370 – IBM Robotic Process Automation information disclosure
https://notcve.org/view.php?id=CVE-2023-40370
IBM Robotic Process Automation 21.0.0 through 21.0.7.1 runtime is vulnerable to information disclosure of script content if the remote REST request computer policy is enabled. IBM X-Force ID: 263470. • https://exchange.xforce.ibmcloud.com/vulnerabilities/263470 https://www.ibm.com/support/pages/node/7028218 •
CVE-2023-38733 – IBM Robotic Process Automation information disclosure
https://notcve.org/view.php?id=CVE-2023-38733
IBM Robotic Process Automation 21.0.0 through 21.0.7.1 and 23.0.0 through 23.0.1 server could allow an authenticated user to view sensitive information from installation logs. IBM X-Force Id: 262293. • https://exchange.xforce.ibmcloud.com/vulnerabilities/262293 https://www.ibm.com/support/pages/node/7028223 • CWE-532: Insertion of Sensitive Information into Log File •
CVE-2023-38734 – IBM Robotic Process Automation privilege escalation
https://notcve.org/view.php?id=CVE-2023-38734
IBM Robotic Process Automation 21.0.0 through 21.0.7.1 and 23.0.0 through 23.0.1 is vulnerable to incorrect privilege assignment when importing users from an LDAP directory. IBM X-Force ID: 262481. • https://exchange.xforce.ibmcloud.com/vulnerabilities/262481 https://www.ibm.com/support/pages/node/7028227 • CWE-269: Improper Privilege Management •
CVE-2023-33850 – IBM GSKit-Crypto information disclosure
https://notcve.org/view.php?id=CVE-2023-33850
IBM GSKit-Crypto could allow a remote attacker to obtain sensitive information, caused by a timing-based side channel in the RSA Decryption implementation. By sending an overly large number of trial messages for decryption, an attacker could exploit this vulnerability to obtain sensitive information. IBM X-Force ID: 257132. IBM GSKit-Crypto could allow a remote attacker to obtain sensitive information, caused by a timing-based side channel in the RSA Decryption implementation. By sending an overly large number of trial messages for decryption, an attacker could exploit this vulnerability to obtain sensitive information. • https://exchange.xforce.ibmcloud.com/vulnerabilities/257132 https://www.ibm.com/support/pages/node/7010369 https://www.ibm.com/support/pages/node/7022413 https://www.ibm.com/support/pages/node/7022414 • CWE-203: Observable Discrepancy •
CVE-2023-38732 – IBM Robotic Process Automation information disclosure
https://notcve.org/view.php?id=CVE-2023-38732
IBM Robotic Process Automation 21.0.0 through 21.0.7 server could allow an authenticated user to view sensitive information from application logs. IBM X-Force ID: 262289. El servidor IBM Robotic Process Automation v21.0.0 a v21.0.7 podría permitir a un usuario autenticado ver información confidencial de los registros de la aplicación. IBM X-Force ID: 262289. • https://exchange.xforce.ibmcloud.com/vulnerabilities/262289 https://www.ibm.com/support/pages/node/7028221 • CWE-532: Insertion of Sensitive Information into Log File •