Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBMBDC420B687769B8739E5EB3776E25098B0DE263DE59B68778A62F419C914C106
HistoryMar 08, 2023 - 8:18 p.m.

Security Bulletin: A vulnerability in Microsoft .NET Framework may affect IBM Robotic Process Automation and result in an exposure of sensitive information (CVE-2022-41064)

2023-03-0820:18:19
www.ibm.com
17

5.8 Medium

CVSS3

Attack Vector

ADJACENT_NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N

1.4 Low

CVSS2

Access Vector

ADJACENT_NETWORK

Access Complexity

HIGH

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:A/AC:H/Au:S/C:P/I:N/A:N

0.001 Low

EPSS

Percentile

24.8%

JSON

Summary

There is a vulnerability in .NET Framework components used by IBM Robotic Process Automation as part of it’s infrastructure, which may allow a remote authenticated attacker to obtain sensitive information. (CVE-2022-41064). This bulletin identifies the security fixes to apply to address this vulnerability.

Vulnerability Details

CVEID:CVE-2022-41064
**DESCRIPTION:**Microsoft .NET Framework could allow a remote authenticated attacker to obtain sensitive information. By sending a specially-crafted request, an attacker could exploit this vulnerability to obtain sensitive information, and use this information to launch further attacks against the affected system.
CVSS Base score: 5.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/238854 for the current score.
CVSS Vector: (CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N)

Affected Products and Versions

Affected Product(s) Version(s)
IBM Robotic Process Automation 21.0.1 - 21.0.7, 23.0.0 - 23.0.1
IBM Robotic Process Automation for Cloud Pak 21.0.1 - 21.0.7, 23.0.0 - 23.0.1

Remediation/Fixes

IBM strongly recommends addressing the vulnerability now.

Product(s) **Version(s) number and/or range ** Remediation/Fix/Instructions
IBM Robotic Process Automation < 21.0.7.1 Download 21.0.7.1 or higher, and follow instructions.
IBM Robotic Process Automation 23.0.0-23.0.1 Download 23.0.2 or higher and follow instructions.
IBM Robotic Process Automation for Cloud Pak < 21.0.7.1 Update to 21.0.7.1 or higher using the following instructions.
IBM Robotic Process Automation for Cloud Pak 23.0.0 - 23.0.1 Update to 23.0.2 or higher using the following instructions.

Note: On Premises customers must update their .NET Framework to the November 2022 update or higher.

Workarounds and Mitigations

None.

Related

mskb 21
github 1
cve 1
ubuntucve 1
openvas 4
veracode 1
ibm 2
mscve 1
osv 1
prion 1
nessus 3
kaspersky 1
rapid7blog 1
mskb
mskb
November 8, 2022-KB5020692 Cumulative Update for .NET Framework 3.5, 4.8 and 4.8.1 for Microsoft server operating system version 21H2
2022-11-08 08:00:00
November 8, 2022-Security Only Update for .NET Framework 4.6.2 for Windows Server 2008 SP2 (KB5020681)
2022-11-08 08:00:00
November 8, 2022-Security Only Update for .NET Framework 3.5.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows 7 SP1 and Windows Server 2008 R2 SP1 (KB5020678)
2022-11-08 08:00:00
github
github
.NET Information Disclosure Vulnerability
2022-11-08 23:00:22
cve
cve
CVE-2022-41064
2022-11-09 22:15:00
ubuntucve
ubuntucve
CVE-2022-41064
2022-11-09 00:00:00
openvas
openvas
Microsoft .NET Framework Information Disclosure Vulnerability (KB5020689)
2023-02-02 00:00:00
Microsoft .NET Framework Information Disclosure Vulnerability (KB5020690)
2023-02-02 00:00:00
Microsoft .NET Framework Information Disclosure Vulnerability (KB5020688)
2023-02-02 00:00:00
veracode
veracode
Information Disclosure
2022-11-10 13:49:48
ibm
ibm
Security Bulletin: A vulnerability in Microsoft .NET Framework may affect IBM Robotic Process Automation and result in an exposure of sensitive information (CVE-2022-41064)
2023-09-11 16:04:21
Security Bulletin: Multiple Security Vulnerabilities may affect IBM Robotic Process Automation for Cloud Pak.
2023-01-30 21:27:00
mscve
mscve
.NET Framework Information Disclosure Vulnerability
2022-11-08 08:00:00
osv
osv
.NET Information Disclosure Vulnerability
2022-11-08 23:00:22
prion
prion
Information disclosure
2022-11-09 22:15:00
nessus
nessus
Security Updates for Microsoft .NET Framework (November 2022)
2022-11-10 00:00:00
KB5019970: Windows 10 LTS 1507 Security Update (November 2022)
2022-11-08 00:00:00
KB5019964: Windows 10 Version 1607 and Windows Server 2016 Security Update (November 2022)
2022-11-08 00:00:00
kaspersky
kaspersky
KLA20040 Multiple vulnerabilities in Microsoft Developer Tools
2022-11-08 00:00:00
rapid7blog
rapid7blog
Patch Tuesday - November 2022
2022-11-08 20:02:57

5.8 Medium

CVSS3

Attack Vector

ADJACENT_NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N

1.4 Low

CVSS2

Access Vector

ADJACENT_NETWORK

Access Complexity

HIGH

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:A/AC:H/Au:S/C:P/I:N/A:N

0.001 Low

EPSS

Percentile

24.8%

JSON
Related for BDC420B687769B8739E5EB3776E25098B0DE263DE59B68778A62F419C914C106
mskb21github1cve1ubuntucve1openvas4veracode1ibm2mscve1osv1prion1nessus3kaspersky1rapid7blog1