CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
AI Score
Confidence
High
A vulnerability in Azure Identity Library for .NET affects IBM Robotic Process Automation and may result in a locally authenticated attacker obtaining sensitive information. Azure Identity Library for .NET is used by IBM Robotic Process Automation as part of identity management. This bulletin identifies the security fixes to apply to address the vulnerability.
CVEID:CVE-2024-29992
**DESCRIPTION:**Azure Identity Library for .NET could allow a local authenticated attacker to obtain sensitive information. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information, and use this information to launch further attacks against the affected system.
CVSS Base score: 5.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/287658 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)
Affected Product(s) | Version(s) |
---|---|
IBM Robotic Process Automation for Cloud Pak | 21.0.0 - 21.0.7.15, 23.0.0 - 23.0.15 |
IBM Robotic Process Automation | 21.0.0 - 21.0.7.15, 23.0.0 - 23.0.15 |
IBM strongly recommends addressing the vulnerability now.
Product(s) | **Version(s) number and/or range ** | Remediation/Fix/Instructions |
---|---|---|
IBM Robotic Process Automation | 21.0.0 - 21.0.7.15 | Download 21.0.7.16 or higher and follow these instructions. |
IBM Robotic Process Automation for Cloud Pak | 21.0.0 - 21.0.7.15 | Update to 21.0.7.16 or higher using the following instructions. |
IBM Robotic Process Automation | 23.0.0 - 23.0.15 | Download 23.0.16 or higher and follow these instructions. |
IBM Robotic Process Automation for Cloud Pak
| 23.0.0 - 23.0.15| Update to 23.0.16 or higher using the following instructions.
None.
Vendor | Product | Version | CPE |
---|---|---|---|
ibm | robotic_process_automation | 21.0.0 | cpe:2.3:a:ibm:robotic_process_automation:21.0.0:*:*:*:*:*:*:* |
ibm | robotic_process_automation | 21.0.7.15 | cpe:2.3:a:ibm:robotic_process_automation:21.0.7.15:*:*:*:*:*:*:* |
ibm | robotic_process_automation | 23.0.0 | cpe:2.3:a:ibm:robotic_process_automation:23.0.0:*:*:*:*:*:*:* |
ibm | robotic_process_automation | 23.0.15 | cpe:2.3:a:ibm:robotic_process_automation:23.0.15:*:*:*:*:*:*:* |
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
AI Score
Confidence
High