Lucene search

IbmCVELIST:CVE-2023-35900

HistoryJul 19, 2023 - 12:58 a.m.

CVE-2023-35900 IBM Robotic Process Automation information disclosure

2023-07-1900:58:53

CWE-200

ibm

www.cve.org

ibm

robotic process automation

cloud pak

vulnerability

information disclosure

x-force id

operating system

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

AI Score

5.5

Confidence

High

EPSS

0.001

Percentile

26.6%

JSON

IBM Robotic Process Automation for Cloud Pak 21.0.0 through 21.0.7.4 and 23.0.0 through 23.0.5 is vulnerable to disclosing server version information which may be used to determine software vulnerabilities at the operating system level. IBM X-Force ID: 259368.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Robotic Process Automation",
    "vendor": "IBM",
    "versions": [
      {
        "lessThanOrEqual": "21.0.7.4",
        "status": "affected",
        "version": "21.0.0",
        "versionType": "semver"
      },
      {
        "lessThanOrEqual": "23.0.5",
        "status": "affected",
        "version": "23.0.0",
        "versionType": "semver"
      }
    ]
  }
]

References

exchange.xforce.ibmcloud.com/vulnerabilities/259368

www.ibm.com/support/pages/node/7010895

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

AI Score

5.5

Confidence

High

EPSS

0.001

Percentile

26.6%

JSON

Related for CVELIST:CVE-2023-35900