IBM076AA32F487EA792BB6B8210CA61C927E0159252DF4E2A8B77454467F2041BE6Security Bulletin: Multiple security vulnerabilities in Java affect IBM Robotic Process Automation
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
AI Score
Confidence
High
EPSS
Percentile
30.8%
Summary
Java is used by IBM Robotic Process Autoamtion as part of the ILMT, NLP, UMS and Containers (CVE-2023-22006, CVE-2023-22036, CVE-2023-22045, CVE-22049).
Vulnerability Details
CVEID:CVE-2023-22049
**DESCRIPTION:**An unspecified vulnerability in Java SE related to the Libraries component could allow a remote attacker to cause low integrity impacts.
CVSS Base score: 3.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/261048 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)
CVEID:CVE-2023-22036
**DESCRIPTION:**An unspecified vulnerability in Java SE related to the Utility component could allow a remote attacker to cause low availability impacts.
CVSS Base score: 3.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/261044 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)
CVEID:CVE-2023-22006
**DESCRIPTION:**An unspecified vulnerability in Java SE related to the Networking component could allow a remote attacker to cause low integrity impacts.
CVSS Base score: 3.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/261043 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N)
CVEID:CVE-2023-22045
**DESCRIPTION:**An unspecified vulnerability in Java SE related to the VM component could allow a remote attacker to cause low confidentiality impacts.
CVSS Base score: 3.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/261047 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)
Affected Products and Versions
| Affected Product(s) | Version(s) |
|---|---|
| IBM Robotic Process Automation | 21.0.0 - 21.0.7.10, 23.0.0 - 23.0.11 |
| IBM Robotic Process Automation for Cloud Pak | 21.0.0 - 21.0.7.10, 23.0.0 - 23.0.11 |
Remediation/Fixes
IBM strongly recommends addressing the vulnerability now.
| Product(s) | **Version(s) number and/or range ** | Remediation/Fix/Instructions |
|---|---|---|
| IBM Robotic Process Automation | 21.0.0 - 21.0.7.10 | Download 21.0.7.11 or higher and follow these instructions. |
| IBM Robotic Process Automation for Cloud Pak | 21.0.0 - 21.0.7.10 | Update to 21.0.7.11 or higher using the following instructions. |
| IBM Robotic Process Automation | 23.0.0 - 23.0.11 | Download 23.0.12 or higher and follow these instructions. |
IBM Robotic Process Automation for Cloud Pak
| 23.0.0 - 23.0.11| Update to 23.0.12 or higher using the following instructions.
Workarounds and Mitigations
None.
Affected configurations
| Vendor | Product | Version | CPE |
|---|---|---|---|
| ibm | robotic_process_automation | 21.0.0 | cpe:2.3:a:ibm:robotic_process_automation:21.0.0:*:*:*:*:*:*:* |
| ibm | robotic_process_automation | 21.0.7.10 | cpe:2.3:a:ibm:robotic_process_automation:21.0.7.10:*:*:*:*:*:*:* |
| ibm | robotic_process_automation | 23.0.0 | cpe:2.3:a:ibm:robotic_process_automation:23.0.0:*:*:*:*:*:*:* |
| ibm | robotic_process_automation | 23.0.11 | cpe:2.3:a:ibm:robotic_process_automation:23.0.11:*:*:*:*:*:*:* |
Related
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
AI Score
Confidence
High
EPSS
Percentile
30.8%