CVSS: 4.4EPSS: 0%CPEs: 2EXPL: 0CVE-2024-51457 – IBM Robotic Process Automation for Cloud Pak cross-site scripting
https://notcve.org/view.php?id=CVE-2024-51457
22 Jan 2025 — IBM Robotic Process Automation for Cloud Pak 21.0.0 through 21.0.7.19 and 23.0.0 through 23.0.19 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. • https://www.ibm.com/support/pages/node/7181230 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.8EPSS: 0%CPEs: 4EXPL: 0CVE-2024-49824 – IBM Robotic Process Automation security bypass
https://notcve.org/view.php?id=CVE-2024-49824
18 Jan 2025 — IBM Robotic Process Automation 21.0.0 through 21.0.7.18 and 23.0.0 through 23.0.18 and IBM Robotic Process Automation for Cloud Pak 21.0.0 through 21.0.7.18 and 23.0.0 through 23.0.18 could allow an authenticated user to perform unauthorized actions as a privileged user due to improper validation of client-side security enforcement. • https://www.ibm.com/support/pages/node/7177587 • CWE-602: Client-Side Enforcement of Server-Side Security •
CVSS: 6.7EPSS: 0%CPEs: 2EXPL: 0CVE-2024-51448 – IBM Robotic Process Automation privilege escalation
https://notcve.org/view.php?id=CVE-2024-51448
18 Jan 2025 — IBM Robotic Process Automation 21.0.0 through 21.0.7.17 and 23.0.0 through 23.0.18 could allow a local user to escalate their privileges. All files in the install inherit the file permissions of the parent directory and therefore a non-privileged user can substitute any executable for the nssm.exe service. A subsequent service or server restart will then run that binary with administrator privilege. • https://www.ibm.com/support/pages/node/7177586 • CWE-277: Insecure Inherited Permissions •
CVSS: 5.9EPSS: 0%CPEs: 2EXPL: 0CVE-2024-51456 – IBM Robotic Process Automation information disclosure
https://notcve.org/view.php?id=CVE-2024-51456
12 Jan 2025 — IBM Robotic Process Automation 21.0.0 through 21.0.7.19 and 23.0.0 through 23.0.19 could allow a remote attacker to obtain sensitive data that may be exposed through certain crypto-analytic attacks. • https://www.ibm.com/support/pages/node/7180685 • CWE-780: Use of RSA Algorithm without OAEP •
CVSS: 4.9EPSS: 0%CPEs: 1EXPL: 0CVE-2022-33954 – IBM Robotic Process Automation information disclosure
https://notcve.org/view.php?id=CVE-2022-33954
19 Dec 2024 — IBM Robotic Process Automation 21.0.1, 21.0.2, and 21.0.3 could allow a user with psychical access to the system to obtain sensitive information due to insufficiently protected credentials. IBM Robotic Process Automation 21.0.1, 21.0.2 y 21.0.3 podrían permitir que un usuario con acceso físico al sistema obtenga información confidencial debido a credenciales insuficientemente protegidas. • https://www.ibm.com/support/pages/node/6608458 • CWE-522: Insufficiently Protected Credentials •
CVSS: 4.9EPSS: 0%CPEs: 1EXPL: 0CVE-2022-22506 – IBM Robotic Process Automation information disclosure
https://notcve.org/view.php?id=CVE-2022-22506
12 Feb 2024 — IBM Robotic Process Automation 21.0.2 contains a vulnerability that could allow user ids may be exposed across tenants. IBM X-Force ID: 227293. IBM Robotic Process Automation 21.0.2 contiene una vulnerabilidad que podría permitir que los ID de usuario queden expuestos entre inquilinos. ID de IBM X-Force: 227293. • https://exchange.xforce.ibmcloud.com/vulnerabilities/227293 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.8EPSS: 0%CPEs: 2EXPL: 0CVE-2023-45189 – IBM Robotic Process Automation information disclosure
https://notcve.org/view.php?id=CVE-2023-45189
03 Nov 2023 — A vulnerability in IBM Robotic Process Automation and IBM Robotic Process Automation for Cloud Pak 21.0.0 through 21.0.7.10, 23.0.0 through 23.0.10 may result in access to client vault credentials. This difficult to exploit vulnerability could allow a low privileged attacker to programmatically access client vault credentials. IBM X-Force ID: 268752. Una vulnerabilidad en IBM Robotic Process Automation e IBM Robotic Process Automation para Cloud Pak 21.0.0 a 21.0.7.10, 23.0.0 a 23.0.10 puede provocar acceso... • https://exchange.xforce.ibmcloud.com/vulnerabilities/268752 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 10.0EPSS: 0%CPEs: 3EXPL: 0CVE-2023-43058 – IBM Robotic Process Automation privilege escalation
https://notcve.org/view.php?id=CVE-2023-43058
06 Oct 2023 — IBM Robotic Process Automation 23.0.9 is vulnerable to privilege escalation that affects ownership of projects. IBM X-Force ID: 247527. IBM Robotic Process Automation 23.0.9 es vulnerable a la escalada de privilegios que afecta la propiedad de los proyectos. ID de IBM X-Force: 247527. • https://exchange.xforce.ibmcloud.com/vulnerabilities/267527 •
CVSS: 5.3EPSS: 0%CPEs: 4EXPL: 0CVE-2023-38718 – IBM Robotic Process Automation information disclosure
https://notcve.org/view.php?id=CVE-2023-38718
20 Sep 2023 — IBM Robotic Process Automation 21.0.0 through 21.0.7.8 could disclose sensitive information from access to RPA scripts, workflows and related data. IBM X-Force ID: 261606. IBM Robotic Process Automation 21.0.0 a 21.0.7.8 podría revelar información sensible procedente del acceso a scripts de RPA, flujos de trabajo y datos relacionados. ID de IBM X-Force: 261606. • https://exchange.xforce.ibmcloud.com/vulnerabilities/261606 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.3EPSS: 0%CPEs: 4EXPL: 0CVE-2023-40370 – IBM Robotic Process Automation information disclosure
https://notcve.org/view.php?id=CVE-2023-40370
22 Aug 2023 — IBM Robotic Process Automation 21.0.0 through 21.0.7.1 runtime is vulnerable to information disclosure of script content if the remote REST request computer policy is enabled. IBM X-Force ID: 263470. • https://exchange.xforce.ibmcloud.com/vulnerabilities/263470 •