Oct 24, 2022 - 9:18 p.m.

Security Bulletin: IBM Robotic Process Automation is vulnerable to disclosure of information that could aid in further system attacks. (CVE-2022-38710)

2022-10-24 21:18:40
www.ibm.com
ibm robotic process automation, vulnerability disclosure, information exposure, system attacks, version information, software update

CVSS3: 5.3
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: LOW
Integrity Impact: NONE
Availability Impact: NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

EPSS: 0.001
Percentile: 31.1%

Summary

IBM Robotic Process Automation could potentially expose system and software version information which could aid in further system attacks.

Vulnerability Details

**CVEID:** CVE-2022-38710
**DESCRIPTION:** IBM Robotic Process Automation could disclose sensitive version information that could aid in further attacks against the system.
CVSS Base score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/234292 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

Affected Products and Versions

| Affected Product(s) | Version(s) |
|---|---|
| IBM Robotic Process Automation | < 21.0.3 |
| IBM Robotic Process Automation as a Service | < 21.0.3 |
| IBM Robotic Process Automation for Cloud Pak | < 21.0.3 |

Remediation/Fixes

IBM strongly recommends addressing the vulnerability now.

| Product(s) | Version(s) number and/or range | Remediation/Fix/Instructions |
|---|---|---|
| IBM Robotic Process Automation | < 21.0.3 | Download 21.0.3 and follow instructions. |
| IBM Robotic Process Automation for Cloud Pak | < 21.0.3 | Download 21.0.3 and follow instructions. |
| IBM Robotic Process Automation as a Service | < 21.0.3 | No action required as IBM Robotic Process Automation Servers have been updated. |

Workarounds and Mitigations

None

Affected configurations

Vulners node: ibm robotic_process_automation Match 21.0.1 OR ibm robotic_process_automation Match 21.0.2

| Vendor | Product | Version | CPE |
|---|---|---|---|
| ibm | robotic_process_automation | 21.0.1 | cpe:2.3:a:ibm:robotic_process_automation:21.0.1:*:*:*:*:*:*:* |
| ibm | robotic_process_automation | 21.0.2 | cpe:2.3:a:ibm:robotic_process_automation:21.0.2:*:*:*:*:*:*:* |
