IBM17C082F4C2F1F0E6F82C9B84AA2FCE3365A766026B26F54CBEDED0811EDF71E0Security Bulletin: IBM Robotic Process Automation for Cloud Pak is vulnerable to privilege escalation.
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
0.0004 Low
EPSS
Percentile
5.1%
Summary
IBM Robotic Process Automation for Cloud Pak could allow a local user to perform unauthorized actions due to insufficient permission settings.
Vulnerability Details
CVEID:CVE-2023-22592
**DESCRIPTION:**IBM Robotic Process Automation for Cloud Pak could allow a local user to perform unauthorized actions due to insufficient permission settings.
CVSS Base score: 4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/244073 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N)
Affected Products and Versions
| Affected Product(s) | Version(s) |
|---|---|
| IBM Robotic Process Automation for Cloud Pak | < 21.0.5 |
Remediation/Fixes
| **IBM strongly recommends addressing the vulnerability now.**Product(s) | **Version(s) number and/or range ** | Remediation/Fix/Instructions |
|---|---|---|
| IBM Robotic Process Automation for Cloud Pak | < 21.0.5 | Update to 21.0.5 using the following instructions. |
Workarounds and Mitigations
None
Affected configurations
| CPE | Name | Operator | Version |
|---|---|---|---|
| ibm robotic process automation | eq | 21.0.1 | |
| ibm robotic process automation | eq | 21.0.4 |
Related
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
0.0004 Low
EPSS
Percentile
5.1%