Security Bulletin: IBM Robotic Process Automation is vulnerable to insufficiently protected access tokens (CVE-2022-22412)

Summary

Security Bulletin: IBM Robotic Process Automation is vulnerable to insufficiently protected access tokens (CVE-2022-22412)

Vulnerability Details

CVEID:CVE-2022-22412
**DESCRIPTION:**IBM Robotic Process Automation could allow a user with access to the local host (client machine) to obtain a login access token.
CVSS Base score: 4.2
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/223019 for the current score.
CVSS Vector: (CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)

Affected Products and Versions

Affected Product(s)|**Version(s)
**
—|—
IBM Robotic Process Automation| < 21.0.3

Remediation/Fixes

IBM strongly recommends addressing the vulnerability now.

Workarounds and Mitigations

None