28 matches found
Security Bulletin: IBM Robotic Process Automation is vulnerable to disclosure of chatbot credentials (CVE-2022-33954))
Summary Security Bulletin: IBM Robotic Process Automation is vulnerable to disclosure of chatbot credentials CVE-2022-33954 Vulnerability Details CVEID:CVE-2022-33954 DESCRIPTION: IBM Robotic Process Automation could allow a user with psychical access to the system to obtain sensitive information...
Security Bulletin: IBM Robotic Process Automation is vulnerable to insufficiently protected credential for users created via bulk upload (CVE-2022-33169)
Summary Security Bulletin: IBM Robotic Process Automation is vulnerable to insufficiently protected credential for users created via bulk upload CVE-2022-33169 Vulnerability Details CVEID:CVE-2022-33169 DESCRIPTION: IBM Robotic Process Automation is vulnerable to insufficiently protected...
Security Bulletin: Multiple security vulnerabilities may affect IBM Robotic Process Automation for Cloud Pak
Summary LibTIFF is used by IBM Robotic Process Automation for Cloud Pak as part of the .NET Core and Watson NLP CVE-2022-48281, CVE-2023-0800, CVE-2023-0801, CVE-2023-0802, CVE-2023-0803, CVE-2023-0804, . ncurses is used by IBM Robotic Process Automation for Cloud Pak as part of base container...
Security Bulletin: A vulnerability in IBM Robotic Process Automation may result in exposure of the name and email for the creator/modifier of platform level objects (CVE-2022-43573)
Summary There is a vulnerability in IBM Robotic Process Automation. Accessing specific platform level objects created in RPA may expose the creator or modifiers email address. This bulletin identifies the security fixes to apply to address this vulnerability. Vulnerability Details...
Security Bulletin: A vulnerability in react affects IBM Robotic Process Automation and may result in a denial of service (CVE-2024-45296).
Summary A vulnerability in React affects IBM Robotic Process Automation and may result in a denial of service. React is used by IBM Robotic Process Automation as part of it's UI Framework. This bulletin identifies the security fix to apply to address the vulnerability. Vulnerability Details...
Security Bulletin: Multiple vulnerabilities in Watson NLP affect IBM Robotic Process Automation
Summary Multiple vulnerabilities in Watson NLP affect IBM Robotic Process Automation. Watson NLP is used by IBM Robotic Process Automation for Natural Language Understanding. This bulletin identifies the security fixes to apply to address the vulnerabilities. Vulnerability Details...
Security Bulletin: Multiple security vulnerabilities affect IBM Robotic Process Automation for Cloud Pak.
Summary XZ is used by IBM Robotic Process Automation for Cloud Pak as part of base container images, Watson NLP and WebSphere Liberty. CVE-2020-22916. File is used by IBM Robotic Process Automation for Cloud Pak as part of the base container images, Watson NLP and WebSphere Liberty. CVE-2022-4855...
Security Bulletin: Multiple security vulnerabilities in Java affect IBM Robotic Process Automation
Summary Java is used by IBM Robotic Process Autoamtion as part of the ILMT, NLP, UMS and Containers CVE-2023-22006, CVE-2023-22036, CVE-2023-22045, CVE-22049. Vulnerability Details CVEID: CVE-2023-22049 DESCRIPTION: An unspecified vulnerability in Java SE related to the Libraries component could...
Cross site request forgery (csrf)
IBM Robotic Process Automation 21.0.0 through 21.0.7.1 runtime is vulnerable to information disclosure of script content if the remote REST request computer policy is enabled. IBM X-Force ID: 263470...
Security Bulletin: IBM Robotic Process Automation is vulnerable to client side validation bypass (CVE-2023-35901)
Summary IBM Robotic Process Automation is vulnerable to client side validation bypass which could allow invalid changes or values in some fields. CVE-2023-35901 Vulnerability Details CVEID:CVE-2023-35901 DESCRIPTION: IBM Robotic Process Automation is vulnerable to client side validation bypass...
Security Bulletin: Multiple Security Vulnerabilities may affect IBM Robotic Process Automation for Cloud Pak.
Summary Multiple Security Vulnerabilities may affect IBM Robotic Process Automation for Cloud Pak. Python is used by IBM Robotic Process Automation as part of the Watson NLP functionality CVE-2015-20107. GNOME libxml2 is used by IBM Robotic Process Automation as part of container base images,...
Security Bulletin: IBM Robotic Process Automation is vulnerable to cross site scripting due to jquery-ui (CVE-2022-31160)
Summary jquery-ui is used by IBM Robotic Process Automation as part of the RPA Dashboard. CVE-2022-31160 Vulnerability Details CVEID:CVE-2022-31160 DESCRIPTION: jQuery UI is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the check-box-radio widget. A...
CVE-2022-39168
IBM Robotic Process Automation Clients are vulnerable to proxy credentials being exposed in upgrade logs. IBM X-Force ID: 235422...
Security Bulletin: Multiple vulnerabilities may affect IBM Robotic Process Automation for Cloud Pak
Summary Security Bulletin: Multiple vulnerabilities may affect IBM Robotic Process Automation for Cloud Pak Vulnerability Details CVEID:CVE-2022-27782 DESCRIPTION: cURL libcurl could allow a remote attacker to bypass security restrictions, caused by an easy connection reuse flaw for TLS and SSH. ...
Default credentials
IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 230634...
Security Bulletin: IBM Robotic Process Automation may be affected by multiple vulnerabilities in open source components (CVE-2019-0820, CVE-2020-15522, CVE-2021-43569)
Summary Multiple vulnerabilities in IBM Robotic Process Automation 21.0.1brBouncy Castle is used by IBM Robotic Process Automation as part of it's cryptograpy implementation. CVE-2020-15522.brStark Bank Elixir is used by IBM Robotic Process Automation as part of it's cryptograpy implementation...
Security Bulletin: IBM Robotic Process Automation is vulnerable to insufficiently protected access tokens (CVE-2022-33953))
Summary Security Bulletin: IBM Robotic Process Automation is vulnerable to insufficiently protected access tokens CVE-2022-33953 Vulnerability Details CVEID: CVE-2022-33953 DESCRIPTION: IBM Robotic Process Automation could allow a user with psychical access to the system to obtain sensitive...
Design/Logic Flaw
IBM Robotic Process Automation 21.0.2 could allow a local user to obtain sensitive web service configuration credentials from system memory. IBM X-Force ID: 223026...
Design/Logic Flaw
A vulnerability exists where an IBM Robotic Process Automation 21.0.1 regular user is able to obtain view-only access to some admin pages in the Control Center IBM X-Force ID: 223029...
Security Bulletin: PostgreSQL vulnerabilities in IBM Robotic Process Automation with Automation Anywhere - CVE-2021-3393
Summary IBM Robotic Process Automation with Automation Anywhere is vulnerable to attacks involving PostgreSQL. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affected Products| Versions ---|--- IBM Robotic Process...