Security Bulletin: A vulnerability in NSS may affect IBM Robotic Process Automation for Cloud Pak and result in a remote attacker obtaining sensitive information (CVE-2023-4421).

Summary

NSS is used by IBM Robotic Process Automation for Cloud Pak as part of Watson NLP. (CVE-2023-4421).

Vulnerability Details

CVEID:CVE-2023-4421
**DESCRIPTION:**Mozilla Network Security Services (NSS), as used in Mozilla Firefox, could allow a remote authenticated attacker to obtain sensitive information, caused by a timing attack in the RSA operations due to incorrect cryptographic implementation. By using new tlsfuzzer code, an attacker could exploit this vulnerability to obtain sensitive information on the system.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/268005 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)

Affected Products and Versions

Remediation/Fixes

IBM strongly recommends addressing the vulnerability now.

IBM Robotic Process Automation for Cloud Pak

| 23.0.0 - 23.0.11| Update to 23.0.12 or higher using the following instructions.

Workarounds and Mitigations

None.