CVSS: 5.3EPSS: 0%CPEs: 8EXPL: 0CVE-2023-35900 – IBM Robotic Process Automation information disclosure
https://notcve.org/view.php?id=CVE-2023-35900
19 Jul 2023 — IBM Robotic Process Automation for Cloud Pak 21.0.0 through 21.0.7.4 and 23.0.0 through 23.0.5 is vulnerable to disclosing server version information which may be used to determine software vulnerabilities at the operating system level. IBM X-Force ID: 259368. • https://exchange.xforce.ibmcloud.com/vulnerabilities/259368 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.3EPSS: 0%CPEs: 7EXPL: 0CVE-2023-35901 – IBM Robotic Process Automation security bypass
https://notcve.org/view.php?id=CVE-2023-35901
16 Jul 2023 — IBM Robotic Process Automation 21.0.0 through 21.0.7.6 and 23.0.0 through 23.0.6 is vulnerable to client side validation bypass which could allow invalid changes or values in some fields. IBM X-Force ID: 259380. • https://exchange.xforce.ibmcloud.com/vulnerabilities/259380 • CWE-287: Improper Authentication •
CVSS: 3.9EPSS: 0%CPEs: 3EXPL: 0CVE-2023-22591 – IBM Robotic Process Automation session fixation
https://notcve.org/view.php?id=CVE-2023-22591
15 Mar 2023 — IBM Robotic Process Automation 21.0.1 through 21.0.7 and 23.0.0 through 23.0.1 could allow a user with physical access to the system due to session tokens for not being invalidated after a password reset. IBM X-Force ID: 243710. • https://exchange.xforce.ibmcloud.com/vulnerabilities/243710 • CWE-613: Insufficient Session Expiration •
CVSS: 6.8EPSS: 0%CPEs: 5EXPL: 0CVE-2022-46773 – IBM Robotic Process Automation security bypass
https://notcve.org/view.php?id=CVE-2022-46773
15 Mar 2023 — IBM Robotic Process Automation 21.0.0 - 21.0.7 and 23.0.0 is vulnerable to client-side validation bypass for credential pools. Invalid credential pools may be created as a result. IBM X-Force ID: 242951. • https://exchange.xforce.ibmcloud.com/vulnerabilities/242951 • CWE-287: Improper Authentication •
CVSS: 6.8EPSS: 0%CPEs: 3EXPL: 0CVE-2023-25680 – IBM Robotic Process Automation information disclosure
https://notcve.org/view.php?id=CVE-2023-25680
15 Mar 2023 — IBM Robotic Process Automation 21.0.1 through 21.0.5 is vulnerable to insufficiently protecting credentials. Queue Provider credentials are not obfuscated while editing queue provider details. IBM X-Force ID: 247032. • https://exchange.xforce.ibmcloud.com/vulnerabilities/247032 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.9EPSS: 0%CPEs: 5EXPL: 0CVE-2023-22863 – IBM Robotic Process Automation information disclosure
https://notcve.org/view.php?id=CVE-2023-22863
18 Jan 2023 — IBM Robotic Process Automation 20.12.0 through 21.0.2 defaults to HTTP in some RPA commands when the prefix is not explicitly specified in the URL. This could allow an attacker to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 244109. IBM Robotic Process Automation 20.12.0 a 21.0.2 utiliza de forma predeterminada HTTP en algunos comandos RPA cuando el prefijo no se especifica explícitamente en la URL. Esto podría permitir a un atacante obtener información confidencial utili... • https://exchange.xforce.ibmcloud.com/vulnerabilities/244109 • CWE-319: Cleartext Transmission of Sensitive Information •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2023-22594 – IBM Robotic Process Automation for Cloud Pak cross-site scripting
https://notcve.org/view.php?id=CVE-2023-22594
18 Jan 2023 — IBM Robotic Process Automation for Cloud Pak 20.12.0 through 21.0.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 244075. IBM Robotic Process Automation para Cloud Pak 20.12.0 a 21.0.4 es vulnerable a cross-site scripting. Esta vulnerabilidad permite a los usuarios incrustar código JavaScript arbitrario en l... • https://exchange.xforce.ibmcloud.com/vulnerabilities/244075 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.3EPSS: 0%CPEs: 5EXPL: 0CVE-2022-43573 – IBM Robotic Process Automation information disclosure
https://notcve.org/view.php?id=CVE-2022-43573
05 Jan 2023 — IBM Robotic Process Automation 20.12 through 21.0.6 is vulnerable to exposure of the name and email for the creator/modifier of platform level objects. IBM X-Force ID: 238678. • https://exchange.xforce.ibmcloud.com/vulnerabilities/238678 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.3EPSS: 0%CPEs: 4EXPL: 0CVE-2022-38710 – IBM Robotic Process Automation information disclosure
https://notcve.org/view.php?id=CVE-2022-38710
03 Nov 2022 — IBM Robotic Process Automation 21.0.1 and 21.0.2 could disclose sensitive version information that could aid in further attacks against the system. IBM X-Force ID: 234292. "IBM Robotic Process Automation 21.0.1 y 21.0.2 podrían revelar información confidencial de la versión que podría ayudar en futuros ataques contra el sistema. IBM X-Force ID: 234292". IBM Robotic Process Automation 21.0.1 and 21.0.2 could disclose sensitive version to an unauthorized control sphere information that could aid in further at... • https://exchange.xforce.ibmcloud.com/vulnerabilities/234292 • CWE-312: Cleartext Storage of Sensitive Information CWE-319: Cleartext Transmission of Sensitive Information CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere •
CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 0CVE-2022-36774
https://notcve.org/view.php?id=CVE-2022-36774
06 Oct 2022 — IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 is vulnerable to man in the middle attacks through manipulation of the client proxy configuration. IBM X-Force ID: 233575. IBM Robotic Process Automation versiones 21.0.0, 21.0.1 y 21.0.2, es vulnerable a ataques de tipo man in the middle mediante la manipulación de la configuración del proxy del cliente. IBM X-Force ID: 233575 • https://exchange.xforce.ibmcloud.com/vulnerabilities/233575 •