Lucene search

IBMA36744804AF445781A7C09D07C87F1128C686D3E51F7AB7E7E61A40BF6B5B275

HistoryMay 04, 2022 - 9:20 p.m.

Security Bulletin: IBM Robotic Process Automation could allow a user with physical access to create an API request modified to create additional objects (CVE-2022-22434)

2022-05-0421:20:25

www.ibm.com

ibm robotic process automation

physical access

api request

additional objects

cve-2022-22434

security bulletin

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:L/Au:N/C:N/I:P/A:N

CVSS3

4.6

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

EPSS

0.001

Percentile

17.6%

JSON

Summary

IBM Robotic Process Automation could allow a user with physical access to create an API request modified to create additional objects

Vulnerability Details

CVEID:CVE-2022-22434
**DESCRIPTION:**IBM Robotic Process Automation could allow a user with physical access to create an API request modified to create additional objects.
CVSS Base score: 4.2
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/224159 for the current score.
CVSS Vector: (CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N)

Affected Products and Versions

Affected Product(s)	Version(s)
IBM Robotic Process Automation	21.0.2
IBM Robotic Process Automation	21.0.1
IBM Robotic Process Automation as a Service	All

Remediation/Fixes

Affected Product(s)	Version(s)	Fixed Version(s)
IBM Robotic Process Automation	21.0.2	21.0.2.3
IBM Robotic Process Automation	21.0.1	21.0.1.6
IBM Robotic Process Automation as a Service	All	21.0.2.3

Workarounds and Mitigations

None

Affected configurations

Vulners

Node

ibmrobotic_process_automationMatch21.0.0

ibmrobotic_process_automationMatch21.0.1

ibmrobotic_process_automationMatch21.0.2

VendorProductVersionCPE
ibmrobotic_process_automation21.0.0cpe:2.3:a:ibm:robotic_process_automation:21.0.0:*:*:*:*:*:*:*
ibmrobotic_process_automation21.0.1cpe:2.3:a:ibm:robotic_process_automation:21.0.1:*:*:*:*:*:*:*
ibmrobotic_process_automation21.0.2cpe:2.3:a:ibm:robotic_process_automation:21.0.2:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ibm	robotic_process_automation	21.0.0	cpe:2.3:a:ibm:robotic_process_automation:21.0.0:::::::*
ibm	robotic_process_automation	21.0.1	cpe:2.3:a:ibm:robotic_process_automation:21.0.1:::::::*
ibm	robotic_process_automation	21.0.2	cpe:2.3:a:ibm:robotic_process_automation:21.0.2:::::::*

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:L/Au:N/C:N/I:P/A:N

CVSS3

4.6

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

EPSS

0.001

Percentile

17.6%

JSON

Related for A36744804AF445781A7C09D07C87F1128C686D3E51F7AB7E7E61A40BF6B5B275