Lucene search

IBMA9AEEC44CD015364A24AABA8CD34D900D836C9755590A1B066AE42DDF3584BFE

HistoryJun 05, 2024 - 8:26 p.m.

Security Bulletin: A vulnerability in Microsoft .NET Core affects IBM Robotic Process Automation and may result in a bypass of security restrictions (CVE-2024-0056)

2024-06-0520:26:43

www.ibm.com

microsoft .net core

ibm robotic process automation

security restrictions

vulnerability

updates

bypass

cve-2024-0056

remote attacker

sql data provider

tls traffic

ibm cloud

version 21.0.0

version 23.0.0

security fixes

8.7 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N

8.6 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

48.0%

JSON

Summary

A vulnerability in Microsoft .NET Core affects IBM Robotic Process Automation resulting in a bypass of security restrictions. Microsoft .NET Core is used by IBM Robotic Process Automation as part of it’s development platform. This bulletin identifies the security fixes to apply to address the vulnerability.

Vulnerability Details

CVEID:CVE-2024-0056
**DESCRIPTION:**Microsoft NET Core and Visual Studio could allow a remote attacker to bypass security restrictions, caused by a flaw in the Data.SqlClient and System.Data.SqlClient SQL Data Provider components. An attacker could exploit this vulnerability to carry out a man-in-the middle attack, and decrypt and read or modify TLS traffic between the client and server.
CVSS Base score: 8.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/276204 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N)

Affected Products and Versions

Affected Product(s)	Version(s)
IBM Robotic Process Automation for Cloud Pak	21.0.0 - 21.0.7.13, 23.0.0 - 23.0.14
IBM Robotic Process Automation	21.0.0 - 21.0.7.13, 23.0.0 - 23.0.14

Remediation/Fixes

IBM strongly recommends addressing the vulnerability now.

Product(s)	Version(s) number and/or range	Remediation/Fix/Instructions
IBM Robotic Process Automation	21.0.0 - 21.0.7.13	Download 21.0.7.14 or higher and follow these instructions.
IBM Robotic Process Automation for Cloud Pak	21.0.0 - 21.0.7.13	Update to 21.0.7.14 or higher using the following instructions.
IBM Robotic Process Automation	23.0.0 - 23.0.14	Download 23.0.15 or higher and follow these instructions.

IBM Robotic Process Automation for Cloud Pak

| 23.0.0 - 23.0.14| Update to 23.0.15 or higher using the following instructions.

Workarounds and Mitigations

None.

Affected configurations

Vulners

Node

ibmrobotic_process_automationMatch21.0.0

ibmrobotic_process_automationMatch21.0.7.13

ibmrobotic_process_automationMatch23.0.0

ibmrobotic_process_automationMatch23.0.14

CPENameOperatorVersion
ibm robotic process automationeq21.0.0
ibm robotic process automationeq21.0.7.13
ibm robotic process automationeq23.0.0
ibm robotic process automationeq23.0.14

Name	Operator	Version
ibm robotic process automation	eq	21.0.0
ibm robotic process automation	eq	21.0.7.13
ibm robotic process automation	eq	23.0.0
ibm robotic process automation	eq	23.0.14