Lucene search

IbmCVE-2022-43574

HistoryNov 03, 2022 - 8:15 p.m.

CVE-2022-43574

2022-11-0320:15:34

CWE-276

ibm

web.nvd.nist.gov

ibm

robotic process automation

rpa

21.0.x

vulnerability

incorrect permission

access control

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

AI Score

7.3

Confidence

High

EPSS

0.001

Percentile

29.7%

JSON

“IBM Robotic Process Automation 21.0.1, 21.0.2, 21.0.3, 21.0.4, and 21.0.5 is vulnerable to incorrect permission assignment which could allow access to application configurations. IBM X-Force ID: 238679.”

Affected configurations

Nvd

Vulners

Node

ibmrobotic_process_automationRange<21.0.6

ibmrobotic_process_automation_for_cloud_pakRange<21.0.6

VendorProductVersionCPE
ibmrobotic_process_automation*cpe:2.3:a:ibm:robotic_process_automation:*:*:*:*:*:*:*:*
ibmrobotic_process_automation_for_cloud_pak*cpe:2.3:a:ibm:robotic_process_automation_for_cloud_pak:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ibm	robotic_process_automation	*	cpe:2.3:a:ibm:robotic_process_automation::::::::
ibm	robotic_process_automation_for_cloud_pak	*	cpe:2.3:a:ibm:robotic_process_automation_for_cloud_pak::::::::

CNA Affected

[
  {
    "vendor": "n/a",
    "product": "IBM Robotic Process Automation",
    "versions": [
      {
        "version": "\"21.0.1, 21.0.2, 21.0.3, 21.0.4, and 21.0.5\"",
        "status": "affected"
      }
    ]
  }
]

References

www.ibm.com/support/pages/node/6831645

Social References

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

AI Score

7.3

Confidence

High

EPSS

0.001

Percentile

29.7%

JSON

Related for CVE-2022-43574