Lucene search

IbmCVE-2023-38718

HistorySep 20, 2023 - 8:15 p.m.

CVE-2023-38718

2023-09-2020:15:11

CWE-200

ibm

web.nvd.nist.gov

ibm

rpa

robotic process automation

21.0.0

21.0.7.8

cve-2023-38718

nvd

vulnerability

data disclosure

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

AI Score

4.9

Confidence

High

EPSS

Percentile

13.1%

JSON

IBM Robotic Process Automation 21.0.0 through 21.0.7.8 could disclose sensitive information from access to RPA scripts, workflows and related data. IBM X-Force ID: 261606.

Affected configurations

Nvd

Vulners

Node

ibmrobotic_process_automationRange21.0.0–21.0.7.8

ibmrobotic_process_automationRange23.0.0–23.0.8

Node

ibmrobotic_process_automationRange21.0.0–21.0.7.8cloud_pak

ibmrobotic_process_automationRange23.0.0–23.0.8cloud_pak

VendorProductVersionCPE
ibmrobotic_process_automation*cpe:2.3:a:ibm:robotic_process_automation:*:*:*:*:*:*:*:*
ibmrobotic_process_automation*cpe:2.3:a:ibm:robotic_process_automation:*:*:*:*:*:cloud_pak:*:*

Vendor	Product	Version	CPE
ibm	robotic_process_automation	*	cpe:2.3:a:ibm:robotic_process_automation::::::::
ibm	robotic_process_automation	*	cpe:2.3:a:ibm:robotic_process_automation::::::cloud_pak::*

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Robotic Process Automation",
    "vendor": "IBM",
    "versions": [
      {
        "lessThanOrEqual": "21.0.7.8",
        "status": "affected",
        "version": "21.0.0",
        "versionType": "semver"
      },
      {
        "lessThanOrEqual": "23.0.8",
        "status": "affected",
        "version": "23.0.0",
        "versionType": "semver"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "Robotic Process Automation for Cloud Pak",
    "vendor": "IBM",
    "versions": [
      {
        "lessThanOrEqual": "21.0.7.8",
        "status": "affected",
        "version": "21.0.0",
        "versionType": "semver"
      },
      {
        "lessThanOrEqual": "23.0.8",
        "status": "affected",
        "version": "23.0.0",
        "versionType": "semver"
      }
    ]
  }
]

References

exchange.xforce.ibmcloud.com/vulnerabilities/261606

www.ibm.com/support/pages/node/7031619

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

AI Score

4.9

Confidence

High

EPSS

Percentile

13.1%

JSON

Related for CVE-2023-38718