VYPR
Unrated severity · NVD Advisory · Published Aug 25, 2022 · Updated Aug 3, 2024

CVE-2022-36115

Description

An issue was discovered in Blue Prism Enterprise 6.0 through 7.01. In a misconfigured environment that exposes the Blue Prism Application server, it is possible for an authenticated user to reverse engineer the Blue Prism software and circumvent access controls for unintended functionality. An attacker can abuse the CreateProcessAutosave() method to inject their own functionality into a development process. If (upon a warning) a user decides to recover unsaved work by using the last saved version, the malicious code could enter the workflow. Should the process action stages not be fully reviewed before publishing, this could result in the malicious code being run in a production environment.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Authenticated users can inject malicious code into Blue Prism Enterprise workflows via the CreateProcessAutosave() method, potentially leading to code execution in production.

Vulnerability

An issue in Blue Prism Enterprise versions 6.0 through 7.01 allows an authenticated user to reverse engineer the software and circumvent access controls. The vulnerability resides in the CreateProcessAutosave() method, which can be abused to inject custom functionality into a development process. This requires a misconfigured environment where the Blue Prism Application server is exposed.

Exploitation

An attacker with authenticated access to the misconfigured Blue Prism Application server can use the CreateProcessAutosave() method to inject malicious code into a development process. If a user, upon a warning, chooses to recover unsaved work by using the last saved version, the injected code enters the workflow. If the process action stages are not fully reviewed before publishing, the malicious code can be executed in a production environment.

Impact

Successful exploitation allows the attacker to execute arbitrary code in the production environment, potentially compromising the integrity and confidentiality of Blue Prism processes and data. The attacker gains the ability to run malicious workflows with the privileges of the Blue Prism service.

Mitigation

SS&C Blue Prism has released security patches for versions starting at 6.4, with the fixes incorporated in version 7.1 [2]. Cloud customers are not affected. As a workaround, implementing the Blue Prism Robotic Operating Model (ROM) practices—such as logical network segregation, restricted access to approved devices, and allow-listing connections—reduces the likelihood of exploitation [2].

AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
