8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
0.001 Low
EPSS
Percentile
31.9%
IBM Robotic Process Automation for Cloud Pak is vulnerable to broken access control. A user is not correctly redirected to the platform log out screen when logging out of IBM RPA for Cloud Pak. This bulletin identifies the security fixes to apply to address this vulnerability.
CVEID:CVE-2022-43844
**DESCRIPTION:**IBM Robotic Process Automation for Cloud Pak is vulnerable to broken access control. A user is not correctly redirected to the platform log out screen when logging out of IBM RPA for Cloud Pak.
CVSS Base score: 2.2
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/239081 for the current score.
CVSS Vector: (CVSS:3.0/AV:P/AC:L/PR:L/UI:R/S:C/C:L/I:N/A:N)
Affected Product(s) | Version(s) |
---|---|
IBM Robotic Process Automation for Cloud Pak | < 21.0.3.1 |
IBM strongly recommends addressing the vulnerability now.
Product(s) | **Version(s) number and/or range ** | Remediation/Fix/Instructions |
---|---|---|
IBM Robotic Process Automation for Cloud Pak | < 21.0.3.1 | Update to 21.0.3.1 or higher using the following instructions. |
None
CPE | Name | Operator | Version |
---|---|---|---|
ibm robotic process automation | eq | 20.12. | |
ibm robotic process automation | eq | 21.0.3 |
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
0.001 Low
EPSS
Percentile
31.9%