Lucene search

IBMD809CD6789A7E200777CBE3B9A8A4CED52E1F4E79D002D6E21709E8786910EC9

HistoryJun 05, 2024 - 5:52 p.m.

Security Bulletin: A vulnerability in Microsoft Azure Identity affects IBM Robotic Process Automation and may result in a denial of service (CVE-2024-21319)

2024-06-0517:52:41

www.ibm.com

microsoft azure identity

ibm robotic process automation

denial of service

vulnerability

security bulletin

cloud pak

version 21.0.7.14

version 23.0.15

software updates

instructions

6.8 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H

6.7 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

30.4%

JSON

Summary

A vulnerability in Microsoft Azure Identity affects IBM Robotic Process Automation which may result in a denial of service. Microsoft Azure Identity is used by IBM Robotic Process Automation as part of identity management. This bulletin identifies the security fixes to apply to address the vulnerability.

Vulnerability Details

CVEID:CVE-2024-21319
**DESCRIPTION:**Microsoft Azure Identity is vulnerable to a denial of service. By sending a specially crafted request, a remote authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 6.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/276229 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H)

Affected Products and Versions

Affected Product(s)	Version(s)
IBM Robotic Process Automation for Cloud Pak	21.0.0 - 21.0.7.13, 23.0.0 - 23.0.14
IBM Robotic Process Automation	21.0.0 - 21.0.7.13, 23.0.0 - 23.0.14

Remediation/Fixes

IBM strongly recommends addressing the vulnerability now.

Product(s)	Version(s) number and/or range	Remediation/Fix/Instructions
IBM Robotic Process Automation	21.0.0 - 21.0.7.13	Download 21.0.7.14 or higher and follow these instructions.
IBM Robotic Process Automation for Cloud Pak	21.0.0 - 21.0.7.13	Update to 21.0.7.14 or higher using the following instructions.
IBM Robotic Process Automation	23.0.0 - 23.0.14	Download 23.0.15 or higher and follow these instructions.

IBM Robotic Process Automation for Cloud Pak

| 23.0.0 - 23.0.14| Update to 23.0.15 or higher using the following instructions.

Workarounds and Mitigations

None

Affected configurations

Vulners

Node

ibmrobotic_process_automationMatch21.0.0

ibmrobotic_process_automationMatch21.0.7.13

ibmrobotic_process_automationMatch23.0.0

ibmrobotic_process_automationMatch23.0.14

CPENameOperatorVersion
ibm robotic process automationeq21.0.0
ibm robotic process automationeq21.0.7.13
ibm robotic process automationeq23.0.0
ibm robotic process automationeq23.0.14

Name	Operator	Version
ibm robotic process automation	eq	21.0.0
ibm robotic process automation	eq	21.0.7.13
ibm robotic process automation	eq	23.0.0
ibm robotic process automation	eq	23.0.14