Lucene search

IBM5452235C0DB8655A47D260CD4BC6DD39100CD2DD29258BDF9B66291BF95C745A

HistoryAug 21, 2023 - 2:31 p.m.

Security Bulletin: A security vulnerability in Microsoft.NET affects IBM Robotic Process Automation and may result in a denial of service (CVE-2023-29331).

2023-08-2114:31:21

www.ibm.com

microsoft .net

ibm robotic process automation

denial of service

vulnerability

cve-2023-29331

security bulletin

software update

cloud pak

mitigation

instructions.

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.001 Low

EPSS

Percentile

47.9%

JSON

Summary

IBM Robotic Process Automation in developed using Microsoft .NET (CVE-2023-29331).

Vulnerability Details

CVEID:CVE-2023-29331
**DESCRIPTION:**Microsoft .NET is vulnerable to a denial of service. By sending a specially crafted request, a remote attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/256926 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

Affected Products and Versions

Affected Product(s)	Version(s)
IBM Robotic Process Automation	21.0.0 - 21.0.7.7, 23.0.0 - 23.0.7
IBM Robotic Process Automation for Cloud Pak	21.0.0 - 21.0.7.7, 23.0.0 - 23.0.7

Remediation/Fixes

IBM strongly recommends addressing the vulnerability now.

Product(s)	Version(s) number and/or range	Remediation/Fix/Instructions
IBM Robotic Process Automation	21.0.0 - 21.0.7.7	Download 21.0.7.8 or higher and follow these instructions.
IBM Robotic Process Automation for Cloud Pak	21.0.0 - 21.0.7.7	Update to 21.0.7.8 or higher using the following instructions.
IBM Robotic Process Automation	23.0.0 - 23.0.7	Download 23.0.8 or higher and follow these instructions.

IBM Robotic Process Automation for Cloud Pak

| 23.0.0 - 23.0.7| Update to 23.0.8 or higher using the following instructions.

Workarounds and Mitigations

None

Affected configurations

Vulners

Node

ibmrobotic_process_automationMatch21.0.0

ibmrobotic_process_automationMatch21.0.7.7

ibmrobotic_process_automationMatch23.0.0

ibmrobotic_process_automationMatch23.0.7

CPENameOperatorVersion
ibm robotic process automationeq21.0.0
ibm robotic process automationeq21.0.7.7
ibm robotic process automationeq23.0.0
ibm robotic process automationeq23.0.7

Name	Operator	Version
ibm robotic process automation	eq	21.0.0
ibm robotic process automation	eq	21.0.7.7
ibm robotic process automation	eq	23.0.0
ibm robotic process automation	eq	23.0.7