CVE-2022-36121
Description
An issue was discovered in Blue Prism Enterprise 6.0 through 7.01. In a misconfigured environment that exposes the Blue Prism Application server, it is possible for an authenticated user to reverse engineer the Blue Prism software and circumvent access controls for the UpdateOfflineHelpData administrative function. Abusing this function will allow any Blue Prism user to change the offline help URL to one of their choice, opening the possibility of spoofing the help page or executing a local file.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Authenticated users in misconfigured Blue Prism Enterprise environments can abuse the UpdateOfflineHelpData function to change the help URL, enabling spoofing or local file execution.
Vulnerability
An issue in Blue Prism Enterprise versions 6.0 through 7.01 allows an authenticated user to reverse engineer the software and circumvent access controls for the UpdateOfflineHelpData administrative function. This function, intended for updating the offline help URL, can be abused in misconfigured environments where the Blue Prism Application server is exposed. The vulnerability requires that the attacker have valid credentials and network access to the server.
Exploitation
An attacker with authenticated access to the Blue Prism Application server can reverse engineer the application to identify and call the UpdateOfflineHelpData function without proper authorization. By setting the offline help URL to a malicious address, the attacker can spoof the help page or point to a local file. No additional user interaction is required beyond the initial authentication.
Impact
Successful exploitation allows the attacker to change the offline help URL to any location of their choice. This can lead to spoofing of the help page, potentially tricking users into revealing sensitive information, or executing a local file, which could result in information disclosure or further compromise of the system.
Mitigation
Blue Prism has released security patches for all versions starting from 6.4, and the fix is incorporated into version 7.1 [2]. Customers are urged to upgrade to a patched version. As a workaround, implementing the Blue Prism Robotic Operating Model (ROM) practices—such as logically securing the network, limiting access to approved devices, and allow-listing connections—can reduce the likelihood of exploitation. Cloud customers are not affected and require no action [2].
AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Blue Prism / Blue Prism Enterprise
  - Range: >=6.0 <=7.01
Patches
No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
- blueprism.com
- community.blueprism.com/discussion/security-vulnerability-notification-ssc-blue-prism-enterprise
- portal.blueprism.com/security-vulnerabilities-august-2022
News mentions
No linked articles in our index yet.