History: Jun 01, 2022 - 2:38 p.m.

Security Bulletin: IBM Robotic Process Automation is vulnerable to cross tenant information exposure (CVE-2022-22506)

2022-06-01 14:38:03
www.ibm.com
ibm robotic process automation
cross tenant exposure
cve-2022-22506
information disclosure
security bulletin

CVSS3: 4.6

Attack Vector: PHYSICAL
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: NONE
Availability Impact: NONE

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS: 0
Percentile: 15.5%

Summary

Security Bulletin: IBM Robotic Process Automation is vulnerable to cross tenant information disclosure (CVE-2022-22506)

Vulnerability Details

CVEID: CVE-2022-22506
**DESCRIPTION:** IBM Robotic Process Automation contains a vulnerability that could allow user IDs to be exposed across tenants.
CVSS Base score: 2.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/227293 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N)

Affected Products and Versions

| Affected Product(s) | Version(s) |
| --- | --- |
| IBM Robotic Process Automation | 21.0.2 |
| IBM Robotic Process Automation for Cloud Pak | 21.0.2 |
| IBM Robotic Process Automation as a Service | 21.0.2 |

Remediation/Fixes

IBM strongly recommends addressing the vulnerability now.

| Product(s) | Version(s) | Remediation/Fix Instructions |
| --- | --- | --- |
| IBM Robotic Process Automation | 21.0.2 - 21.0.2.1 | Download and Apply 21.0.2 IF002 or higher. |
| IBM Robotic Process Automation for Cloud Pak | 21.0.2 - 21.0.2.1 | Apply 21.0.2 IF002 or higher. |
| IBM Robotic Process Automation as a Service | 21.0.2 - 21.0.2.1 | No action required. IBM RPA SaaS servers have been updated to 21.0.2.2 or higher. |

Workarounds and Mitigations

None

Affected configurations

Vulners

| Node | Match |
| --- | --- |
| ibm robotic_process_automation | 21.0.2 |

| Vendor | Product | Version | CPE |
| --- | --- | --- | --- |
| ibm | robotic_process_automation | 21.0.2 | cpe:2.3:a:ibm:robotic_process_automation:21.0.2:*:*:*:*:*:*:* |
