Lucene search

[email protected]CVE-2022-43574

HistoryNov 03, 2022 - 8:15 p.m.

CVE-2022-43574

2022-11-0320:15:34

CWE-276

[email protected]

web.nvd.nist.gov

ibm

robotic process automation

rpa

21.0.x

vulnerability

incorrect permission

access control

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

7.3 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

29.7%

JSON

“IBM Robotic Process Automation 21.0.1, 21.0.2, 21.0.3, 21.0.4, and 21.0.5 is vulnerable to incorrect permission assignment which could allow access to application configurations. IBM X-Force ID: 238679.”

Affected configurations

Vulners

NVD

Node

n\/aibm_robotic_process_automationMatch21.0.1

n\/aibm_robotic_process_automationMatch21.0.2

n\/aibm_robotic_process_automationMatch21.0.3

n\/aibm_robotic_process_automationMatch21.0.4

n\/aibm_robotic_process_automationMatch21.0.5

CPENameOperatorVersion
ibm:robotic_process_automationibm robotic process automationlt21.0.6
ibm:robotic_process_automation_for_cloud_pakibm robotic process automation for cloud paklt21.0.6

CPE	Name	Operator	Version
ibm:robotic_process_automation	ibm robotic process automation	lt	21.0.6
ibm:robotic_process_automation_for_cloud_pak	ibm robotic process automation for cloud pak	lt	21.0.6

CNA Affected

[
  {
    "vendor": "n/a",
    "product": "IBM Robotic Process Automation",
    "versions": [
      {
        "version": "\"21.0.1, 21.0.2, 21.0.3, 21.0.4, and 21.0.5\"",
        "status": "affected"
      }
    ]
  }
]