VYPR
Unrated severity · NVD Advisory · Published Aug 25, 2022 · Updated Aug 3, 2024

CVE-2022-36116

Description

An issue was discovered in Blue Prism Enterprise 6.0 through 7.01. In a misconfigured environment that exposes the Blue Prism Application server, it is possible for an authenticated user to reverse engineer the Blue Prism software and circumvent access controls for the setValidationInfo administrative function. Removing the validation applied to newly designed processes increases the chance of successfully hiding malicious code that could be executed in a production environment.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

In Blue Prism Enterprise 6.0 through 7.01, a misconfigured environment that exposes the Application server allows an authenticated user to reverse engineer the Blue Prism software and circumvent access controls for the setValidationInfo administrative function.

Vulnerability

An issue was discovered in Blue Prism Enterprise versions 6.0 through 7.01. In a misconfigured environment that exposes the Blue Prism Application server, it is possible for an authenticated user to reverse engineer the Blue Prism software and circumvent access controls for the setValidationInfo administrative function [1][2]. Removing the validation applied to newly designed processes increases the chance of successfully hiding malicious code that could be executed in a production environment [1].

Exploitation

Exploitation requires a misconfigured environment where the Blue Prism Application server is exposed. An attacker must have valid authentication to the system. The attacker then reverse engineers the Blue Prism software to circumvent access controls for the administrative setValidationInfo function, enabling them to disable validation checks on newly designed processes [1][2].

Impact

Successful exploitation allows an attacker to disable the validation that is normally applied to newly designed processes. This increases the likelihood of malicious code being hidden within processes and subsequently executed in a production environment, potentially leading to unauthorized actions or data compromise [1].

Mitigation

SS&C Blue Prism has released patches for all supported versions starting at 6.4, and the fix is incorporated in version 7.1 [2]. Cloud customers are not affected as the Blue Prism Cloud platform was built following security best practices [2]. The vendor recommends implementing the Blue Prism Robotic Operating Model (ROM) practices, such as logical network segmentation and restricted access, to reduce the likelihood of exploitation [2].

AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products: 2

Patches: 0 (no patches discovered yet)

Vulnerability mechanics: AI mechanics synthesis has not run for this CVE yet.

References: 3

News mentions: 0 (no linked articles in our index yet)