Lucene search

[email protected]NVD:CVE-2023-45189

HistoryNov 03, 2023 - 11:15 p.m.

CVE-2023-45189

2023-11-0323:15:08

CWE-200

[email protected]

web.nvd.nist.gov

vulnerability

ibm

robotic process automation

cloud pak

access

client vault

credentials

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

6.2 Medium

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

19.1%

JSON

A vulnerability in IBM Robotic Process Automation and IBM Robotic Process Automation for Cloud Pak 21.0.0 through 21.0.7.10, 23.0.0 through 23.0.10 may result in access to client vault credentials. This difficult to exploit vulnerability could allow a low privileged attacker to programmatically access client vault credentials. IBM X-Force ID: 268752.

Affected configurations

NVD

Node

ibmrobotic_process_automation_for_cloud_pakRange21.0.0–21.0.7

ibmrobotic_process_automation_for_cloud_pakRange23.0.0–23.0.10

References

exchange.xforce.ibmcloud.com/vulnerabilities/268752

www.ibm.com/support/pages/node/7065204

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

6.2 Medium

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

19.1%

JSON

Related for NVD:CVE-2023-45189

prion1 cvelist1 cve1 ibm1