Security Bulletin: IBM Robotic Process Automation is vulnerable to Cross-Site Scripting.

Published: 2023-03-07 22:30:34
Source: www.ibm.com
Tags: ibm, robotic process automation, cloud pak, cross-site scripting, vulnerability, javascript, web ui, credentials disclosure, update, instructions, fix

CVSS3 (as scored on this page): 5.4

Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: Required
Scope: Changed
Confidentiality Impact: Low
Integrity Impact: Low
Availability Impact: None

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

EPSS: 0.001 (percentile 20.3%)

Summary

IBM Robotic Process Automation for Cloud Pak is vulnerable to cross-site scripting. An authenticated user can embed arbitrary JavaScript code in the Web UI; when another user's browser renders the affected page, the script runs inside that user's trusted session, altering the intended functionality and potentially disclosing credentials.

Vulnerability Details

CVEID: CVE-2023-22594
DESCRIPTION: IBM Robotic Process Automation for Cloud Pak is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI, altering the intended functionality and potentially leading to credentials disclosure within another user's trusted session.
CVSS Base score: 4.6 (IBM's scoring, with Scope:Unchanged. The 5.4 shown at the top of this page scores the same metrics with Scope:Changed, the usual treatment for XSS because the injected script executes in the victim's browser rather than in the vulnerable application itself; the two vectors differ only in that metric.)
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/244075 for the current score.
CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N

Affected Products and Versions

Affected Product(s)                             Version(s)
IBM Robotic Process Automation                  21.0.0 - 21.0.7.1, 23.0.0 - 23.0.1
IBM Robotic Process Automation for Cloud Pak    21.0.0 - 21.0.7.1, 23.0.0 - 23.0.1
IBM Robotic Process Automation as a Service     < 23.0.2

Remediation/Fixes

IBM strongly recommends addressing the vulnerability now.

Product(s)                                      Version(s) number and/or range    Remediation/Fix/Instructions
IBM Robotic Process Automation                  < 21.0.7.2                        Download 21.0.7.2 or higher, and follow the instructions.
IBM Robotic Process Automation                  23.0.0 - 23.0.1                   Download 23.0.2 or higher, and follow the instructions.
IBM Robotic Process Automation for Cloud Pak    < 21.0.7.2                        Update to 21.0.7.2 or higher using the following instructions.
IBM Robotic Process Automation for Cloud Pak    23.0.0 - 23.0.1                   Update to 23.0.2 or higher using the following instructions.
IBM Robotic Process Automation as a Service     < 23.0.2                          No action is necessary: all IBM Robotic Process Automation as a Service servers have been updated to 23.0.2 or higher.

Note: 21.0.7.1 is listed as affected above and 21.0.7.2 is the first fixed build, so every on-premises 21.0.x install below 21.0.7.2 needs the update, including the Cloud Pak deployment.
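The following is an added example, not IBM's code, of turning the two tables above into an inventory check. It encodes each affected release line as a half-open interval [first affected, first fixed) taken from the bulletin (21.0.0 up to but excluding 21.0.7.2, and 23.0.0 up to but excluding 23.0.2), compares versions numerically component by component rather than as strings, and reports hosts that still need the update. The host inventory at the bottom is constructed for the example; the host names and the 21.0.10 build are hypothetical.

```python
"""Affected-version check for CVE-2023-22594 (added example, not IBM's code).

Ranges are transcribed from the bulletin's affected-versions and remediation tables
as half-open intervals [first_affected, first_fixed). The inventory at the bottom is
constructed for this example; host names and the 21.0.10 build are hypothetical.
"""
import re

# Per product: [first_affected, first_fixed) for each release line in the bulletin.
# The SaaS offering is omitted because IBM states its servers are already on 23.0.2+.
AFFECTED_RANGES = {
    "IBM Robotic Process Automation": [("21.0.0", "21.0.7.2"), ("23.0.0", "23.0.2")],
    "IBM Robotic Process Automation for Cloud Pak": [("21.0.0", "21.0.7.2"), ("23.0.0", "23.0.2")],
}


def parse_version(text):
    """'21.0.7.1' -> (21, 0, 7, 1). Integer tuples compare component-wise, so
    21.0.10 > 21.0.7.2; comparing the raw strings would get that wrong."""
    text = text.strip()
    if not re.fullmatch(r"\d+(\.\d+)*", text):
        raise ValueError("unsupported version string: %r" % text)
    return tuple(int(part) for part in text.split("."))


def assess(product, version):
    """Return (affected, first_fixed) for an installed version.

    affected is True when the version lies in an affected range, False when it is at
    or above the fix for its release line, and None when the bulletin does not list
    that release line at all (e.g. 22.x), in which case nothing can be concluded."""
    if product not in AFFECTED_RANGES:
        raise ValueError("product not covered by this bulletin: %r" % product)
    v = parse_version(version)
    for low, fixed in AFFECTED_RANGES[product]:
        lo, fx = parse_version(low), parse_version(fixed)
        if lo <= v < fx:
            return True, fixed
        if v[0] == fx[0] and v >= fx:
            return False, fixed
    return None, None


def hosts_needing_update(inventory):
    """Names of hosts whose installed version is affected, from (host, product, version) rows."""
    return [host for host, product, version in inventory if assess(product, version)[0] is True]


# Constructed inventory for the example (host names and the 21.0.10 build are hypothetical).
INVENTORY = [
    ("rpa-prod-01", "IBM Robotic Process Automation", "21.0.7.1"),               # affected
    ("rpa-prod-02", "IBM Robotic Process Automation", "21.0.7.2"),               # first fixed build
    ("rpa-lab-01", "IBM Robotic Process Automation", "21.0.10"),                 # above the fix; a string compare would mis-flag it
    ("rpa-cp4ba-01", "IBM Robotic Process Automation for Cloud Pak", "23.0.1"),  # affected
    ("rpa-cp4ba-02", "IBM Robotic Process Automation for Cloud Pak", "23.0.2"),  # fixed
]

if __name__ == "__main__":
    for host, product, version in INVENTORY:
        print(host, version, assess(product, version))
    print("needs update:", hosts_needing_update(INVENTORY))
```

The None result matters in practice: a version the bulletin does not mention (20.12.x, 22.x) is neither confirmed safe nor confirmed affected by this page, and should be checked against IBM's current bulletin rather than assumed fixed.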

Workarounds and Mitigations

None.

Affected configurations (CPE matches as listed by Vulners)

cpe:2.3:a:ibm:robotic_process_automation:20.12.:*:*:*:*:*:*:*
cpe:2.3:a:ibm:robotic_process_automation:21.0.4:*:*:*:*:*:*:*

Note: these CPE entries (20.12.x and 21.0.4) do not match the version ranges IBM gives above (21.0.0 - 21.0.7.1 and 23.0.0 - 23.0.1); treat the bulletin's own tables as authoritative when scoping exposure.

