Jul 31, 2024 - 6:44 p.m.

Security Bulletin: A vulnerability in Azure Identity Library for .NET affects IBM Robotic Process Automation and may result in a locally authenticated attacker obtaining sensitive information (CVE-2024-29992)

www.ibm.com
CVSS3: 5.5

| Metric | Value |
|---|---|
| Attack Vector | LOCAL |
| Attack Complexity | LOW |
| Privileges Required | LOW |
| User Interaction | NONE |
| Scope | UNCHANGED |
| Confidentiality Impact | HIGH |
| Integrity Impact | NONE |
| Availability Impact | NONE |

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

AI Score: 5.9 (Confidence: High)

Summary

A vulnerability in Azure Identity Library for .NET affects IBM Robotic Process Automation and may result in a locally authenticated attacker obtaining sensitive information. Azure Identity Library for .NET is used by IBM Robotic Process Automation as part of identity management. This bulletin identifies the security fixes to apply to address the vulnerability.

Vulnerability Details

**CVEID:** CVE-2024-29992
**DESCRIPTION:** Azure Identity Library for .NET could allow a local authenticated attacker to obtain sensitive information. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information, and use this information to launch further attacks against the affected system.
CVSS Base score: 5.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/287658 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)

Affected Products and Versions

| Affected Product(s) | Version(s) |
|---|---|
| IBM Robotic Process Automation for Cloud Pak | 21.0.0 - 21.0.7.15, 23.0.0 - 23.0.15 |
| IBM Robotic Process Automation | 21.0.0 - 21.0.7.15, 23.0.0 - 23.0.15 |

Remediation/Fixes

IBM strongly recommends addressing the vulnerability now.

| Product(s) | Version(s) number and/or range | Remediation/Fix/Instructions |
|---|---|---|
| IBM Robotic Process Automation | 21.0.0 - 21.0.7.15 | Download 21.0.7.16 or higher and follow these instructions. |
| IBM Robotic Process Automation for Cloud Pak | 21.0.0 - 21.0.7.15 | Update to 21.0.7.16 or higher using the following instructions. |
| IBM Robotic Process Automation | 23.0.0 - 23.0.15 | Download 23.0.16 or higher and follow these instructions. |
| IBM Robotic Process Automation for Cloud Pak | 23.0.0 - 23.0.15 | Update to 23.0.16 or higher using the following instructions. |

Workarounds and Mitigations

None.

Affected configurations

Vulners node:

ibm robotic_process_automation Match 21.0.0
OR
ibm robotic_process_automation Match 21.0.7.15
OR
ibm robotic_process_automation Match 23.0.0
OR
ibm robotic_process_automation Match 23.0.15

| Vendor | Product | Version | CPE |
|---|---|---|---|
| ibm | robotic_process_automation | 21.0.0 | cpe:2.3:a:ibm:robotic_process_automation:21.0.0:*:*:*:*:*:*:* |
| ibm | robotic_process_automation | 21.0.7.15 | cpe:2.3:a:ibm:robotic_process_automation:21.0.7.15:*:*:*:*:*:*:* |
| ibm | robotic_process_automation | 23.0.0 | cpe:2.3:a:ibm:robotic_process_automation:23.0.0:*:*:*:*:*:*:* |
| ibm | robotic_process_automation | 23.0.15 | cpe:2.3:a:ibm:robotic_process_automation:23.0.15:*:*:*:*:*:*:* |
