Metric | Score | Details |
---|---|---|
CVSS3 | 9.8 High | Attack Vector: NETWORK; Attack Complexity: LOW; Privileges Required: NONE; User Interaction: NONE; Scope: UNCHANGED; Confidentiality Impact: HIGH; Integrity Impact: HIGH; Availability Impact: HIGH; Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
AI Score | 9.5 High | Confidence: High |
CVSS2 | 7.5 High | Access Vector: NETWORK; Access Complexity: LOW; Authentication: NONE; Confidentiality Impact: PARTIAL; Integrity Impact: PARTIAL; Availability Impact: PARTIAL; Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P |
EPSS | 0.003 Low | Percentile: 69.7% |
Unbound is used by IBM Robotic Process Automation for Cloud Pak as part of antivirus functionality (CVE-2019-25033). ISC BIND is used by IBM Robotic Process Automation for Cloud Pak as part of Watson NLP (CVE-2022-3094). GNU Binutils is used by IBM Robotic Process Automation for Cloud Pak as part of WebSphere Liberty (CVE-2022-35205, CVE-2022-35206). protobuf-c is used by IBM Robotic Process Automation for Cloud Pak as part of antivirus functionality (CVE-2022-48468). tpm2-tss is used by IBM Robotic Process Automation for Cloud Pak as part of WebSphere Liberty (CVE-2023-22745). Microsoft .NET Framework is used by IBM Robotic Process Automation for Cloud Pak as part of the .NET Runtime environment (CVE-2023-36049). Microsoft ASP.NET is used by IBM Robotic Process Automation for Cloud Pak as part of the .NET Runtime environment (CVE-2023-36558). This bulletin identifies the steps to take to address the vulnerabilities.
CVEID: CVE-2019-25033
**DESCRIPTION:** Unbound could allow a remote attacker to execute arbitrary code on the system, caused by an integer overflow in the regional allocator. By using the ALIGN_UP macro, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base score: 9.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/200872 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVEID: CVE-2022-3094
**DESCRIPTION:** ISC BIND is vulnerable to a denial of service, caused by the allocation of memory prior to the checking of access permissions (ACLs). By sending an UPDATE message flood, a remote attacker could exploit this vulnerability to cause named to exhaust all available memory.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/245430 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2022-35205
**DESCRIPTION:** GNU Binutils is vulnerable to a denial of service, caused by a reachable assertion failure in function display_debug_names. By using a specially crafted file, a local attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/264302 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
CVEID: CVE-2022-35206
**DESCRIPTION:** GNU Binutils is vulnerable to a denial of service, caused by a NULL pointer dereference vulnerability in function read_and_display_attr_value in file dwarf.c. By using a specially crafted file, a local attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/264303 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
CVEID: CVE-2022-48468
**DESCRIPTION:** An unsigned integer overflow in parse_required_member in protobuf-c has an unknown impact and attack vector.
CVSS Base score: 7.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/253266 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
CVEID: CVE-2023-22745
**DESCRIPTION:** tpm2-tss is vulnerable to a buffer overflow, caused by improper bounds checking by the Tss2_RC_SetHandler and Tss2_RC_Decode functions. By sending a specially-crafted request, a local authenticated attacker could overflow a buffer and execute arbitrary code on the system.
CVSS Base score: 6.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/245269 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H)
CVEID: CVE-2023-36049
**DESCRIPTION:** Microsoft .NET, .NET Framework and Visual Studio could allow a remote authenticated attacker to gain elevated privileges on the system. By injecting arbitrary commands in the FTP server, an attacker could exploit this vulnerability to escalate privileges.
CVSS Base score: 7.6
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/270963 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L)
CVEID: CVE-2023-36558
**DESCRIPTION:** Microsoft ASP.NET could allow a local attacker to bypass security restrictions. An attacker could exploit this vulnerability to bypass validations on Blazor Server forms.
CVSS Base score: 6.2
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/270918 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
Affected Product(s) | Version(s) |
---|---|
IBM Robotic Process Automation for Cloud Pak | 21.0.0 - 21.0.7.12, 23.0.0 - 23.0.12 |
IBM strongly recommends addressing the vulnerability now.
Product(s) | **Version(s) number and/or range** | Remediation/Fix/Instructions |
---|---|---|
IBM Robotic Process Automation for Cloud Pak | 21.0.0 - 21.0.7.12 | Update to 21.0.7.13 or higher using the following instructions. |
IBM Robotic Process Automation for Cloud Pak | 23.0.0 - 23.0.12 | Update to 23.0.13 or higher using the following instructions. |
None.
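To audit an inventory against the ranges above, the following added example (not IBM's code) classifies a deployed version string. The ranges and fix versions are copied from the tables in this bulletin; the function names and the test inputs are assumptions made for illustration.

```python
# Added example: classify a version of IBM Robotic Process Automation for
# Cloud Pak against the affected ranges stated in this bulletin.
# (first affected, first fixed) pairs come from the tables above.
AFFECTED_STREAMS = [
    ("21.0.0", "21.0.7.13"),
    ("23.0.0", "23.0.13"),
]


def parse_version(text):
    """Turn '21.0.7.12' into (21, 0, 7, 12); reject non-numeric parts."""
    parts = text.strip().split(".")
    if not all(p.isascii() and p.isdigit() for p in parts):
        raise ValueError(f"not a dotted numeric version: {text!r}")
    return tuple(int(p) for p in parts)


def _padded(version, width):
    """Right-pad with zeros so '21.0.7' compares as '21.0.7.0'."""
    return version + (0,) * (width - len(version))


def assess(text):
    """Return ('affected', fix_version) or ('not listed', None).

    A version counts as affected when first_affected <= v < first_fixed.
    Comparing against the fix version rather than the last listed affected
    version keeps an intermediate build (for example a constructed
    23.0.12.1) flagged until it reaches the fixed release.
    """
    v = parse_version(text)
    for first_affected, first_fixed in AFFECTED_STREAMS:
        low, fixed = parse_version(first_affected), parse_version(first_fixed)
        width = max(len(v), len(low), len(fixed))
        if _padded(low, width) <= _padded(v, width) < _padded(fixed, width):
            return ("affected", first_fixed)
    return ("not listed", None)
```

Versions outside both streams (for example a 22.x build) return `not listed` because the bulletin makes no statement about them, which is not the same as confirmed unaffected.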