Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM222CF60E95333B77A2424450CE5346635B4BF37003AC0209FFF6FA9CCFCECF00
HistoryOct 06, 2022 - 4:10 a.m.

Security Bulletin: IBM Robotic Process Automation is vulnerable to Clickjacking (CVE-2022-22503)

2022-10-0604:10:57
www.ibm.com
25
ibm robotic process automation
clickjacking vulnerability
remote attacker
malicious website
version 21.0.1
remediation
fix instructions

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

36.3%

JSON

Summary

IBM Robotic Process Automation could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim’s click actions and possibly launch further attacks against the victim.

Vulnerability Details

CVEID:CVE-2022-22503
**DESCRIPTION:**IBM Robotic Process Automation could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim’s click actions and possibly launch further attacks against the victim.
CVSS Base score: 6.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/227125 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)

Affected Products and Versions

Affected Product(s) Version(s)
IBM Robotic Process Automation < 21.0.1
IBM Robotic Process Automation as a Service < 21.0.1

Remediation/Fixes

IBM strongly recommends addressing the vulnerability now.

Product(s) **Version(s) number and/or range ** Remediation/Fix/Instructions
IBM Robotic Process Automation < 21.0.1 Download 21.0.1 and follow instructions.
IBM Robotic Process Automation as a Service < 21.0.1 All IBM Robotic Process Automation as a Service servers have been updated to 21.0.1 or higher.

Workarounds and Mitigations

None

Affected configurations

Vulners
Node
ibmrobotic_process_automationMatch21.0.0
VendorProductVersionCPE
ibmrobotic_process_automation21.0.0cpe:2.3:a:ibm:robotic_process_automation:21.0.0:*:*:*:*:*:*:*

Related

nvd 1
cvelist 1
prion 1
cnvd 1
cve 1
nvd
nvd
CVE-2022-22503
2022-10-06 18:15:52
cvelist
cvelist
CVE-2022-22503
2022-10-06 17:15:25
prion
prion
Design/Logic Flaw
2022-10-06 18:15:00
cnvd
cnvd
IBM Robotic Process Automation Clickjacking Vulnerability
2022-10-08 00:00:00
cve
cve
CVE-2022-22503
2022-10-06 18:15:52

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

36.3%

JSON
Related for 222CF60E95333B77A2424450CE5346635B4BF37003AC0209FFF6FA9CCFCECF00
nvd1cvelist1prion1cnvd1cve1