Jun 21, 2023 - 10:07 p.m.

Security Bulletin: IBM Robotic Process Automation for Cloud Pak is vulnerable to security misconfiguration which may result in elevated privileges (CVE-2023-22593).

2023-06-21 22:07:35
www.ibm.com
Tags: ibm, robotic process automation, cloud pak, redis, misconfiguration, elevated privileges, cve-2023-22593, vulnerability, security fixes, update, instructions

CVSS3: 7.8
Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS: 0
Percentile: 9.0%

Summary

IBM Robotic Process Automation for Cloud Pak is vulnerable to security misconfiguration of the Redis container which may provide elevated privileges (CVE-2023-22593). This bulletin identifies the security fixes to apply to address this vulnerability.

Vulnerability Details

**CVEID:** CVE-2023-22593
**DESCRIPTION:** IBM Robotic Process Automation for Cloud Pak is vulnerable to security misconfiguration of the Redis container which may provide elevated privileges.
CVSS Base score: 4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/244074 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N)

Affected Products and Versions

| Affected Product(s) | Version(s) |
| --- | --- |
| IBM Robotic Process Automation for Cloud Pak | 21.0.1 - 21.0.7.3, 23.0.0 - 23.0.3 |

Remediation/Fixes

IBM strongly recommends addressing the vulnerability now.

| Product(s) | Version(s) number and/or range | Remediation/Fix/Instructions |
| --- | --- | --- |
| IBM Robotic Process Automation for Cloud Pak | 21.0.1 - 21.0.7.3 | Update to 21.0.7.4 or higher using the following instructions. |
| IBM Robotic Process Automation for Cloud Pak | 23.0.0 - 23.0.3 | Update to 23.0.4 or higher using the following instructions. |

Workarounds and Mitigations

None.

Affected configurations

Vulners node: ibm robotic_process_automation matches 21.0.1 OR 21.0.7.3 OR 23.0.0 OR 23.0.3

| Vendor | Product | Version | CPE |
| --- | --- | --- | --- |
| ibm | robotic_process_automation | 21.0.1 | cpe:2.3:a:ibm:robotic_process_automation:21.0.1:*:*:*:*:*:*:* |
| ibm | robotic_process_automation | 21.0.7.3 | cpe:2.3:a:ibm:robotic_process_automation:21.0.7.3:*:*:*:*:*:*:* |
| ibm | robotic_process_automation | 23.0.0 | cpe:2.3:a:ibm:robotic_process_automation:23.0.0:*:*:*:*:*:*:* |
| ibm | robotic_process_automation | 23.0.3 | cpe:2.3:a:ibm:robotic_process_automation:23.0.3:*:*:*:*:*:*:* |
